3

Given this folder / file structure:

private/.htpasswd
public/.htaccess

... where public is the root folder of a virtual host in Apache, and private is its sibling folder:

How do I define a relative path for AuthUserFile in the .htaccess file, such that it is able to access /private/.htpasswd

I've tried:

AuthType Basic 
AuthUserFile ../private/.htpasswd
require valid-user

But that doesn't work, because it tries to find the file relative to the ServerRoot, in stead of relative the virtual host root.

I won't have access to the config file on the production server (shared host) and I don't want to define an absolute path, because my testing and production file system structures don't match.

Is it still possible to achieve what I want, given these conditions?

Decent Dabbler
  • 169
  • 1
  • 1
  • 8

4 Answers4

1

You may use symlink on testing system, for example /srv/www/vhost/private/.htpasswd -> /var/www/vhost/private/.htpasswd. The first path need to be same as on production server. Then you will be able to use the same paths on both servers. Options FollowSymLinks may be required for this. I don't see any way to include config files not relatively to ServerRoot.

Selivanov Pavel
  • 2,126
  • 3
  • 23
  • 47
  • I'm gonna try and tinker with this a bit. My testing environment is a Windows environment though, so it probably won't work, but I'll give it a shot. Thanks. – Decent Dabbler Sep 20 '11 at 21:51
  • NTFS can make hard links, see [this](http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/fsutil_hardlink.mspx?mfr=true). To have similar paths on testing and production, you may create hardlink and specify file path relatively to ServerRoot. – Selivanov Pavel Sep 20 '11 at 21:57
1

If the symlink solution posted by Selivanov Pavel does not work, you could disable Auth* directives in .htaccess using ALlowOverride -AuthConfig (or disable .htaccess altogether) and move the Auth config to the Apache conf on your local machine only.

xofer
  • 3,052
  • 12
  • 19
1

Let's take an example.

Your application is located in /var/www/myApp on some Linux server

.htaccess : /var/www/myApp/.htaccess

htpasswdApp : /var/www/myApp/htpasswdApp. (You're free to use any name for .htpasswd file)

To use relative path in .htaccess:

AuthType Digest
AuthName myApp
AuthUserFile "htpasswdApp"
Require valid-user

But it will search for file in server_root directory. Not in document_root.

In out case, when application is located at /var/www/myApp :

document_root is /var/www/myApp

server_root is /etc/apache2 //(just in our example, because of we using the linux server)

You can redefine it in your apache configuration file ( /etc/apache2/apache2.conf), but I guess it's a bad idea.

So to use relative file path in your /var/www/myApp/.htaccess you should define the password's file in your server_root.

I prefer to do it by follow command:

sudo ln -s /var/www/myApp/htpasswdApp /etc/apache2/htpasswdApp

You're free to copy my command, use a hard link instead of symbol,or copy a file to your server_root.

Sild
  • 111
  • 3
0

Without a leading / then the path provided to AuthUserFile is relative to ServerRoot. Your private directory will have a path relative to ServerRoot so just provide that - given 

ServerRoot /var/www

and a provate directory at 

/var/www/some/path/private

then 

AuthUserFile some/path/private

should work.

user9517
  • 114,104
  • 20
  • 206
  • 289
  • Yeah I understand this, but since the file structure on my testing server and production server don't match, I'd have to edit `.htaccess` on the production server. Preferably I want to keep it as portable as possible. – Decent Dabbler Sep 20 '11 at 21:33
  • I checked that ServerRoot is a place that contains configuration, and logs will be written to there like the line "ErrorLog logs/error_log" in /etc/httpd/conf/httpd.conf. (default ServerRoot is /etc/httpd) Thus, it is not a good practice to change it like `ServerRoot /var/www`, because the logs will be put there too. – Johnny Wong Mar 08 '17 at 03:16