Jump to content

.htaccess enabled ACP?

Guest Keven Fox

By Guest Keven Fox
in Feedback

Recommended Posts

Keven Fox Explorer

Keven Fox

Posted
Posted

Okay I posted it as a bug, but wanted to put out a heads up on this too.

I was very impressed with all the security features with 2.2, I enabled the stronghold cookie and then I saw the htaccess thing.

So I went and input my name and password.

No problems until my admins said they can't get into the ACP. I figured it was a problem on their end until I checked around found my .htaccess and pass files. I downloaded them to my computer first then deleted them. Sure enough I could no longer get into the ACP.

So I uploaded them back. There is no way to turn this "setting" off once you've done it.

Is this a bug? Am I doing something wrong?

Link to comment
Share on other sites
bfarber Grand Master

bfarber

Posted
Posted

If the htaccess no longer exists on the server, the ACP won't ask for the secondary login. That's an Apache feature. All you have to do to turn the setting off is to delete the htaccess/htpasswd files.

I don't know exactly what you are doing so I can't say what it is 'wrong' you are doing. Perhaps the files are written with a permission so you can't actually 'delete' them from FTP, even though you thought you did?

Link to comment
Share on other sites
.KX Explorer

.KX

Posted
Posted

If you are experiencing problems deleting a file via FTP. Here is what you should do.

Providing you have CPanel, login to your CPanel and go to the File Manager. From there you can delete the file - and even if the file is protected (so that it can't be deleted) it will still be deleted. I'm not sure if this is a feature or bug of the CPanel File Manager but it's very useful sometimes.

Link to comment
Share on other sites
Keven Fox Explorer

Keven Fox

Posted
Posted

If the htaccess no longer exists on the server, the ACP won't ask for the secondary login. That's an Apache feature. All you have to do to turn the setting off is to delete the htaccess/htpasswd files.



I don't know exactly what you are doing so I can't say what it is 'wrong' you are doing. Perhaps the files are written with a permission so you can't actually 'delete' them from FTP, even though you thought you did?


When I delete the files from my admin folder then I am in the same boat as my admins, the log in popup keeps coming and doesn't stop. I input my name, password and boom it's up again.

I want to REMOVE the htaccess option and it's not letting me. Not by deleting the files or anything.

This has to be a bug, I saw a "feature" with the new IPB, and thought it would be good and now my own admins can't get into the acp.
Link to comment
Share on other sites
Keven Fox Explorer

Keven Fox

Posted
Posted

If you are experiencing problems deleting a file via FTP. Here is what you should do.



Providing you have CPanel, login to your CPanel and go to the File Manager. From there you can delete the file - and even if the file is protected (so that it can't be deleted) it will still be deleted. I'm not sure if this is a feature or bug of the CPanel File Manager but it's very useful sometimes.


I have no problems deleting any files and am quite aware of cPanel's File Manager to ensure deletions. Thanks though.
Link to comment
Share on other sites
bfarber Grand Master

bfarber

Posted
Posted

Again, this is apache. Are you familiar with htaccess files?

With an htaccess and htpasswd files, you can make Apache request a login before accessing the script. If you delete those files, Apache should no longer request the login. IPB has very little to do with this, other than showing you the code to put in the files and/or writing the files for you (if possible).

After deleting the files, the login should go away, plain and simple. If it doesn't, the files didn't get deleted, or the request is somehow cached in your browser (not sure that's even possible). :blink:

Link to comment
Share on other sites
Keven Fox Explorer

Keven Fox

Posted
Posted

Again, this is apache. Are you familiar with htaccess files?



With an htaccess and htpasswd files, you can make Apache request a login before accessing the script. If you delete those files, Apache should no longer request the login. IPB has very little to do with this, other than showing you the code to put in the files and/or writing the files for you (if possible).



After deleting the files, the login should go away, plain and simple. If it doesn't, the files didn't get deleted, or the request is somehow cached in your browser (not sure that's even possible). :blink:


So how do I even FIX this? Like I said I enabled this because IP.Board suggested it in the security settings.

And yes the files were deleted, but the setting may have remained in the ACP or something.
Link to comment
Share on other sites
Keith J. Kacin Community Regular

Keith J. Kacin

Posted
Posted

I have tested this and cannot reproduce.

Some servers "hide" .htaccess files in normal browsing/FTP browsing... (as in makes any file that starts with a period not visible.).

I would recommend contacting your webhost and having them look into this, have them see if the files are still present in the folder via SSH.

Link to comment
Share on other sites
bfarber Grand Master

bfarber

Posted
Posted

Seriously -I apologize for the trouble, but you are doing something wrong. :) .htaccess password protection is a relatively common and simple procedure, and I don't know what else to tell you at this time.

It doesn't make it so other admins can't login.
The password prompt does not remain after the file is removed.

If it does on your server, something is wrong with your server. I honestly don't know what else to tell you.

PM me with your ACP url and login information, and your FTP login information. With or without the .htaccess file there. I need to see this firsthand. Cuz it's just not possible.

Link to comment
Share on other sites
Keven Fox Explorer

Keven Fox

Posted
Posted

Seriously -I apologize for the trouble, but you are doing something wrong. :) .htaccess password protection is a relatively common and simple procedure, and I don't know what else to tell you at this time.



It doesn't make it so other admins can't login.


The password prompt does not remain after the file is removed.



If it does on your server, something is wrong with your server. I honestly don't know what else to tell you.



PM me with your ACP url and login information, and your FTP login information. With or without the .htaccess file there. I need to see this firsthand. Cuz it's just not possible.


I'll give you a premade Admin account at my site so you can see what happens.

Um lemme figure something out for the FTP I'm about to get to bed.
Link to comment
Share on other sites
bfarber Grand Master

bfarber

Posted
Posted

Ok, I've now got FTP and ACP access.

There is no .htaccess file in the directory, and I got no prompt. Additionally, to have made my account, you must have been able to get into the ACP.

In talking through PM, it seems there was apparently some confusion over WHAT login to use when the htaccess prompt comes up. This is NOT your IPB login - every admin MUST use the same login you specify when creating the file.

Link to comment
Share on other sites
Keven Fox Explorer

Keven Fox

Posted
Posted

All is well now please close this thread.

Also could someone remove the bug report I made? I *thought* I had to log in with my forum details to allow access, but Brandon pointed it out to me that the htaccess login should be different and I can give that log in to all my admins.

Makes sense now. I was being an idiot..... again.

Please close

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Invision Community © 2024 IPS, Inc.
×
×
  • Create New...