Comments on: How-To: Password Protect Apache Directories with .htaccess

By: Drew

Drew — Tue, 28 Sep 2010 20:39:33 +0000

On thing you might want to add is blocking direct access to the Splunk webserver on port 8000. Otherwise there is no point in setting up a proxy.

Ya, this is what I did too, just never placed it into this article. I just proxied it and disabled port 8000 from the outside.

By: Darren

Darren — Wed, 18 Aug 2010 16:12:39 +0000

Great article. I had the general idea to do this but your article saved me ages messing about with various proxy directives.

On thing you might want to add is blocking direct access to the Splunk webserver on port 8000. Otherwise there is no point in setting up a proxy.

I used iptables rules as follows:

# Block all requests to port 8000
iptables -I INPUT -p tcp –dport 8000 -j REJECT

# Allow requests to port 8000 from localhost
iptables -I INPUT -s 127.0.0.1/32 -p tcp –dport 8000 -j ACCEPT

By: DeckerD: Drew’s Personal Corner of the Web » Splunk Free: .htaccess Protection using Apache

Wed, 12 Dec 2007 01:29:09 +0000

[...] configuration, you told Apache to use the .htpasswd.users file in the /var/www directory. You can follow my other article on how to configure .htaccess. If you plan on storing your .htaccess/.htpasswd files somewhere else, [...]

By: Me

Me — Wed, 07 Nov 2007 10:10:20 +0000

Finally, a useful article. I always edited httpd.conf, but not sites-enabled. Thanks a lot!

By: Drew

Drew — Wed, 05 Sep 2007 22:44:36 +0000

Nice read. Thnx for the detailed write-up.

Thanks for the kinda words. Feel free to send me other ideas. I have plenty more to come, actually, but I’ve been rather busy. I’ll see if I can get some of my ideas off the paper and onto the site.

Thanks,
Drew

By: MrGroove

MrGroove — Tue, 28 Aug 2007 04:22:39 +0000

Nice read. Thnx for the detailed write-up.

By: Drew

Drew — Sat, 28 Jul 2007 20:31:54 +0000

Hello Jeremy,

This can easily be due to Apache configuration, that is probably not due to my little tutorial here. I make sure all of my articles are pretty straight forward and very wordy to insure that I get all the detail out.

What OS are you running, and what version of Apache? If you could contact me via the Contact Me page with your Apache configuration, I might be able to help you. Internal Server Errors (500) are usually due to a configuration on the actual web server, and might not be due to my article, especially since you stated that you get the password prompt, and once it lets you in, it gives you internal server errors. This statement actually indicates that my article deemed a success and it did work.

Please let me know how I can further help you out with these errors. Drop me a line or something; I’d love to help.

Regards,
Drew

By: jeremy

jeremy — Fri, 27 Jul 2007 05:36:20 +0000

this one didnt work for me. i got a password prompt but when trying to login i got internal server errors.

By: keith

keith — Tue, 19 Jun 2007 13:35:48 +0000

Nice how-to. I have a question… what if I want to let some users get into a directory but just one of them into another directory inside?

Thanks for the how-to, anyway ;)

By: Drew

Drew — Tue, 26 Dec 2006 23:41:11 +0000

Great! Glad I could help. It’s not the most “secure” soution, but sure does work for a temporary solution.

Either way, its a great way of password protecting directories, without having root access to the server.

Again, thanks!