TIP: Use Markdown or, <pre> for multi line code blocks / <code> for inline code.
These forums are read-only and for archival purposes only!
Please join our new forums at discourse.kohanaframework.org
[SOLVED - for reall this time :P] .htaccess folder password protection
  • Hi all

    I setup my website as per normal and did my development of my admin section (www.mydomain.com/admin). Now I wanted to add password protection to this so I did so through my hosting control panel. When I went back to my admin to see if the password protection was working i got the following error:

    Kohana_Request_Exception [ 0 ]: Unable to find a route to match the URI: 401.shtml
    SYSPATH/classes/kohana/request.php [ 674 ]
    669         }
    670 
    671         // No matching route for this URI
    672         $this->status = 404;
    673 
    674         throw new Kohana_Request_Exception('Unable to find a route to match the URI: :uri',
    675             array(':uri' => $uri));
    676     }
    677 
    678     /**
    679      * Returns the response as the string representation of a request.
    SYSPATH/classes/kohana/request.php [ 230 ] » Kohana_Request->__construct(arguments)
    APPPATH/bootstrap.php [ 110 ] » Kohana_Request::instance()
    DOCROOT/index.php [ 103 ] » require(arguments)
    Environment
    

    So I opened the .htaccess file to see the appended rules and when I remove them the URL works fine. I don't know how to fix it so that it works so maybe someone here has the smarts I don't. Below is what my .htaccess looks like:

    # Turn on URL rewriting
    RewriteEngine On
    
    # Installation directory
    RewriteBase /admin/
    
    # Protect hidden files from being viewed
    <Files .*>
    Order Deny,Allow
    Deny From All
    </Files>
    
    # Protect application and system files from being viewed
    RewriteRule ^(?:application|modules|system)\b.* index.php/$0 [L]
    
    # Allow any files or directories that exist to be displayed directly
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    
    # Rewrite all other URLs to index.php/URL
    RewriteRule .* index.php/$0 [PT]
    
    # Authentication
    AuthType Basic
    AuthName admin
    AuthUserFile /home/.htpasswds/public_html/admin/passwd
    require valid-user
    
  • IIRC when access to a URL is restricted apache will send the user the content of 401.shtml.

    Because this file does not exist, the request is rewritten to the kohana handler.

    The Kohana error you are seeing is because there are no routes configured to match that URL.

    Either create the file in the filesystem, or add a route for that URL to your kohana application and serve the content there.

  • Hi Leth

    I've tried creating a route for the passwd file but I'm not having any luck. Below is what I've ended up with after trying various other formats:

    Route::set('passwordprotection', '/home/.htpasswds/public_html/admin/passwd');
    

    Note - The path shown above is below the public_html folder. So www.mydomain.com would be as follows:

    /home/public_html
    
  • No, he means the route to 401.shtml. You certainly shouldn't attempt to create any kind of route to .htpasswds.

  • How then do I get apache password protection working?

  • See the apache documentation on ErrorDocument if you wish to change the filename apache tries to send for 401 requests.

    The 401.shtml is probably specified as the default in the global webserver config.

  • Either:

    • Create a file named 401.shtml, it should probably have something in it, but it's not a requirement.
    • Or, add a route something like this
    Route::set('401', '401.shtml')->
        defaults(.. specify controller and action ..);
    
  • ok, so I've tried adding a route and creating 401.shtml and I'm still getting the same error. Perhaps I'm placing 401.shtml in the wrong directory. It's currently in my views folder.

  • ok...seems the problem is sorted out. I simply had to move the password protection rules from the .htaccess file that resides in /public_html/admin and paste them in the .htaccess file that resides in /public_html (ie. the root of the website)

  • It seems I spoke too soon. What I thought was working actually didn't take effect until this morning and the password protection is now on www.mydomain.com instead of www.mydomain.com/admin

  • Ok, I've really solved this issue now. It seems that the .htaccess file inside /public_html was the issue. I simply needed to add the following line to it for the password protection to work on www.mydomain.com/admin

    ErrorDocument 401 “Unauthorized”
    

    And Bob's your uncle!

  • It looks like that option tells apache to send the string "Unauthorized" instead of the contents of the file it was previously looking for, thereby solving your problem :)

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion