bonjour tout le monde,
le server est peresque pret a fonctionner 
mais je recontre un petit pb que je n’arrive pas a resoudre.
j’ai mis dans mes repertoires d’admin un htaccess et htpasswd afin de proteger ces repertoires via un mdp.
c’est comme s’il n’y avait rien, j’arrive sur mes index sans passer par la demande de login et mdp.
les 2 .ht** fonctionnent tres bien sur un autre server, j’ai teste.
il doit y avoir un manque dans apache2.conf ou ailleurs dans les fichiers apache, mais je ne trouve rien, et ca fait quand meme 2 jours que je suis dessus en lisant et relisant des tutos ou autres.
merci d’avance
les tutos c’est bien, mais en cas de pépin il faut remonter à la source
merci thomas,
j’avais vu cette page aussi et la config est presque comme celle la.
mais le pb est que ca n’a effet dans aucun repertoire.
j’ai beau mettre ces 2fichers dans un repertoire /home/herergement/lenomduclient ou dans le repertoire d’accueil au demrrage d’apache /var/www/ ou dans le repertoire que je veux proteger, ca ne change rien.
les allowoverride son a All.
quand je compare le apache2.conf d’origine avec celui que j’ai, il manque des choses.
j’ai mis des directory pour mes repertoires aussi.
tout le monde seche sur ce pb qui comme dab tout etre devant le bout du nez.
et quand on sait comment est installe un server, c’est assez facile de se promener partout quand il n’y a pas d’htaccess et htpasswd.
Faire nous voir les fichiers htacc + htpass + conf d’apache,
Cyrille
apache2.conf
[quote]ServerRoot “/etc/apache2”
The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#<IfModule !mpm_winnt.c>
#<IfModule !mpm_netware.c>
LockFile /var/lock/apache2/accept.lock
#
#
PidFile: The file in which the server should record its process
identification number when it starts.
This needs to be set in /etc/apache2/envvars
PidFile ${APACHE_PID_FILE}
Timeout: The number of seconds before receives and sends time out.
Timeout 300
KeepAlive: Whether or not to allow persistent connections (more than
one request per connection). Set to “Off” to deactivate.
KeepAlive On
MaxKeepAliveRequests: The maximum number of requests to allow
during a persistent connection. Set to 0 to allow an unlimited amount.
We recommend you leave this number high, for maximum performance.
MaxKeepAliveRequests 100
KeepAliveTimeout: Number of seconds to wait for the next request from the
same client on the same connection.
KeepAliveTimeout 15
Server-Pool Size Regulation (MPM specific)
prefork MPM
StartServers: number of server processes to start
MinSpareServers: minimum number of server processes which are kept spare
MaxSpareServers: maximum number of server processes which are kept spare
MaxClients: maximum number of server processes allowed to start
MaxRequestsPerChild: maximum number of requests a server process serves
StartServers 5 MinSpareServers 5 MaxSpareServers 10 MaxClients 150 MaxRequestsPerChild 0 [/quote]000.default
[code]<VirtualHost *:80>
ServerAdmin webmaster@xxxxxx.fr
DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride All
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride All
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
Alias /postfixadmin/ "/var/www/postfixadmin/"
<Directory "/var/www/postfixadmin/">
Options Indexes MultiViews
AllowOverride All
Order deny,allow
Deny from all
Allow from 192.168.1.0/255.255.255.0 88.189.133.10
Allow from all
</Directory>
htaccess
[quote]AuthUserFile /var/www/xxxxxx/.htpasswd
AuthGroupFile /dev/null
AuthName "Accès protégé"
AuthType Basic
htpasswd
vous savez comment ca se passe, il est pas crypte 
Quel répertoire veux tu protéger et où mets tu ton htaccess ?
Dans ton apache2.conf
il ne te manquerai pas la directive
non elle y est j’avais pas vu que tout le fichier n’etait pas affiche.
ServerRoot “/etc/apache2”
The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#<IfModule !mpm_winnt.c>
#<IfModule !mpm_netware.c>
LockFile /var/lock/apache2/accept.lock
#
#
PidFile: The file in which the server should record its process
identification number when it starts.
This needs to be set in /etc/apache2/envvars
PidFile ${APACHE_PID_FILE}
Timeout: The number of seconds before receives and sends time out.
Timeout 300
KeepAlive: Whether or not to allow persistent connections (more than
one request per connection). Set to “Off” to deactivate.
KeepAlive On
MaxKeepAliveRequests: The maximum number of requests to allow
during a persistent connection. Set to 0 to allow an unlimited amount.
We recommend you leave this number high, for maximum performance.
MaxKeepAliveRequests 100
KeepAliveTimeout: Number of seconds to wait for the next request from the
same client on the same connection.
KeepAliveTimeout 15
Server-Pool Size Regulation (MPM specific)
prefork MPM
StartServers: number of server processes to start
MinSpareServers: minimum number of server processes which are kept spare
MaxSpareServers: maximum number of server processes which are kept spare
MaxClients: maximum number of server processes allowed to start
MaxRequestsPerChild: maximum number of requests a server process serves
StartServers 5 MinSpareServers 5 MaxSpareServers 10 MaxClients 150 MaxRequestsPerChild 0worker MPM
StartServers: initial number of server processes to start
MaxClients: maximum number of simultaneous client connections
MinSpareThreads: minimum number of worker threads which are kept spare
MaxSpareThreads: maximum number of worker threads which are kept spare
ThreadsPerChild: constant number of worker threads in each server process
MaxRequestsPerChild: maximum number of requests a server process serves
StartServers 2 MaxClients 150 MinSpareThreads 25 MaxSpareThreads 75 ThreadsPerChild 25 MaxRequestsPerChild 0These need to be set in /etc/apache2/envvars
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
AccessFileName: The name of the file to look for in each directory
for additional configuration directives. See also the AllowOverride
directive.
AccessFileName .htaccess
The following lines prevent .htaccess and .htpasswd files from being
viewed by Web clients.
<Files ~ “^.ht”>
Order allow,deny
Deny from all
DefaultType is the default MIME type the server will use for a document
if it cannot otherwise determine one, such as from filename extensions.
If your server contains mostly text or HTML documents, “text/plain” is
a good value. If most of your content is binary, such as applications
or images, you may want to use “application/octet-stream” instead to
keep browsers from trying to display binary files as though they are
text.
DefaultType text/plain
HostnameLookups: Log the names of clients or just their IP addresses
e.g., www.apache.org (on) or 204.62.129.132 (off).
The default is off because it’d be overall better for the net if people
had to knowingly turn this feature on, since enabling it means that
each client request will result in AT LEAST one lookup request to the
nameserver.
HostnameLookups Off
ErrorLog: The location of the error log file.
If you do not specify an ErrorLog directive within a
container, error messages relating to that virtual host will be
logged here. If you do define an error logfile for a
container, that host’s errors will be logged there and not here.
ErrorLog /var/log/apache2/error.log
LogLevel: Control the number of messages logged to the error_log.
Possible values include: debug, info, notice, warn, error, crit,
alert, emerg.
LogLevel warn
Include module configuration:
Include /etc/apache2/mods-enabled/.load
Include /etc/apache2/mods-enabled/.conf
Include all the user configurations:
Include /etc/apache2/httpd.conf
Include ports listing
Include /etc/apache2/ports.conf
The following directives define some format nicknames for use with
a CustomLog directive (see below).
If you are behind a reverse proxy, you might want to change %h into %{X-Forwarded-For}i
LogFormat “%v:%p %h %l %u %t “%r” %>s %b “%{Referer}i” “%{User-Agent}i”” vhost_combined
LogFormat “%h %l %u %t “%r” %>s %b “%{Referer}i” “%{User-Agent}i”” combined
LogFormat “%h %l %u %t “%r” %>s %b” common
LogFormat “%{Referer}i -> %U” referer
LogFormat “%{User-agent}i” agent
Define an access log for VirtualHosts that don’t define their own logfile
CustomLog /var/log/apache2/other_vhosts_access.log vhost_combined
Customizable error responses come in three flavors:
1) plain text 2) local redirects 3) external redirects
Some examples:
#ErrorDocument 500 “The server made a boo boo.”
#ErrorDocument 404 /missing.html
#ErrorDocument 404 “/cgi-bin/missing_handler.pl”
#ErrorDocument 402 example.com/subscription_info.html
Putting this all together, we can internationalize error responses.
We use Alias to redirect any /error/HTTP_.html.var response to
our collection of by-error message multi-language collections. We use
includes to substitute the appropriate text.
You can modify the messages’ appearance without changing any of the
default HTTP_.html.var files by adding the line:
Alias /error/include/ “/your/include/path/”
which allows you to create your own set of files by starting with the
/usr/share/apache2/error/include/ files and copying them to /your/include/path/,
even on a per-VirtualHost basis. The default include files will display
your Apache version number and your ServerAdmin email address regardless
of the setting of ServerSignature.
The internationalized error documents require mod_alias, mod_include
and mod_negotiation. To activate them, uncomment the following 30 lines.
Alias /error/ “/usr/share/apache2/error/”
<Directory “/usr/share/apache2/error”>
AllowOverride None
Options IncludesNoExec
AddOutputFilter Includes html
AddHandler type-map var
Order allow,deny
Allow from all
LanguagePriority en cs de es fr it nl sv pt-br ro
ForceLanguagePriority Prefer Fallback
ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
ErrorDocument 410 /error/HTTP_GONE.html.var
ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
Include of directories ignores editors’ and dpkg’s backup files,
see README.Debian for details.
Include generic snippets of statements
Include /etc/apache2/conf.d/
Include the virtual host configurations:
Include /etc/apache2/sites-enabled/
pb resolu et comme d’habitude, une betise.
il fallait mettre
AuthUserFile "/var/www/xxxxxx/.htpasswd"
AuthGroupFile /dev/null
AuthName "Accès protégé"
AuthType Basic
require valid-user