Apache Web-Serving with Mac OS X, Part 4
Subject:   Personal configurations and passwd authentication
Date:   2002-03-11 03:42:19
From:   spiffyman
First, I just want to say thanks for a really great tutorial. After reading the Terminal tutorials and yours, I'm planning on ordering my first O'Reilly books. If they're anything like yours, I know they'll be good.

In the meantime, though, I'm having a few problems.

After configuring my .conf file (jboyd.conf), I cannot access localhost or, and when I try to access /~jboyd/ with localhost, it gives me a 403 Forbidden error. The .conf looks like this:

<Directory "/Users/jboyd/Sites/">
Options -Indexes MultiViews
AllowOverride None
Order deny,allow
Deny from all
Allow from localhost

I've also tried "Allow from" -- to no avail.

(An incidental question: can we set several IP-specific allows or denies using commas or spaces to differentiate them?)

Meanwhile, accessing /~jboyd/ at does not ask for any authentication. I've created an .htaccess file via pico (which now resides in my Sites directory) with the following pertinent lines:

AuthName "Jeremy Boyd's Personal Training Grounds"
AuthType Basic
AuthUserFile /Library/WebServer/.htpasswd
require user jboyd

Yes, the .htpasswd file exists, and yes, jboyd is in it. I'm unsure whether the .htaccess file is in the right place, though.

Any help would be appreciated. Thanks again for great articles, but no thanks for enthralling me and keeping me up all night. ;-)

Full Threads Oldest First

Showing messages 1 through 3 of 3.

  • Morbus Iff photo Personal configurations and passwd authentication
    2002-03-11 17:00:44  Morbus Iff | O'Reilly Author [View]

    When you get that 403 error, check your error logfile - does your IP address show as 127 or localhost? If it doesn't, then you'll need to add that IP into your "Allow" line. You can only have one IP, IP range, or hostname per "Allow" line.

    Finally, authentication will NOT work unless you've told Apache to allow authetication under the Sites directory. This involves opening your username.conf file (located in /etc/httpd/users/username.conf) and adding "AllowOverride AuthConfig" (for just authentication control) or "AllowOverride All" (to allow overriding of all default Apache directives).
    • Personal configurations and passwd authentication
      2002-03-11 18:37:51  spiffyman [View]

      Thanks for the help, but I'm still having problems. The error log reads my static IP address, so I changed the .conf file to read:

      <Directory "/Users/jboyd/Sites/">
      Options -Indexes MultiViews
      AllowOverride All
      Order deny,allow
      Deny from all
      Allow from

      Still Forbidden, and still no password authentication. Also, I still can't access the DocumentRoot using localhost or I didn't think my personal .conf file or my .htaccess file would change that. Am I missing something?

      Thanks a bunch.
      • Morbus Iff photo Personal configurations and passwd authentication
        2002-03-13 20:15:36  Morbus Iff | O'Reilly Author [View]

        What do you have in the /Users/jboyd/Sites/ directory? Is there a index.html or index.htm file in there? As it is now, with "-Indexes" turned off in your config, I'm thinking that Apache's trying to resolve an index *first*, before the user authentication.

        First things first, change "-Indexes" to just place old "Indexes", so that automatic indexes are created. THEN try getting to /~jboyd/ and tell me what you see.

        Concerning your DocumentRoot, no, an .htaccess file shouldn't be able to harm that, but using you could do some damage with your user .conf file. If the .conf file is all you've shown me here though, then it shouldn' t be a problem.

        Finally, what are the contents of your error_log, shortly after you get the 403 Forbidden error message?