This forum has been moved here:
Helicon Tech Community Forum

Helicon Ape (Forum Locked Forum Locked)
 Helicon Tech : Helicon Ape
Subject Topic: Securing Folder with APE
Author
Message |
berekenauto
Newbie


Joined: 14 April 2010
Posts: 2
Posted: 14 April 2010 at 3:51am

I'm trying to secure a folder with APE. does anyone have an example how this works?

Thank you already.
Back to Top Visit berekenauto's Homepage
 
Vyacheslav
Admin Group


Joined: 02 July 2008
Location: Ukraine
Posts: 1542
Posted: 14 April 2010 at 4:31am

Hello,
Authentication features are implemented in Ape through mod_auth* modules. You may find the following articles interesting:
HTTP Authentication and Authorization
Enabling site authentication not using Windows users

I can help you to write configuration if you provide me with details.
Thank you for your interest in our software.

__________________
Slavik Shynkarenko,
Helicon Tech.
Back to Top Visit Vyacheslav's Homepage
 
jsauve
Newbie


Joined: 17 April 2010
Posts: 7
Posted: 17 April 2010 at 3:42pm

Hi, I'm interested in doing something similar to the original poster. I've followed the first of the two links posted above. I'm trying to secure the entire site (root).

I have:
  • installed APE
  • have made ONLY the following lines un-commented in the global httpd.conf:
    • LoadModule auth_basic_module     modules/mod_auth_basic.so
    • LoadModule authn_file_module    modules/mod_authn_file.so
    • LoadModule authz_user_module    modules/mod_authz_user.so
  • created a .htaccess file in the root of my site and configured it
  • created a .htpasswd file in the root of my site (I know it's insecure) and configured it
  • setup one user for basic auth using Apace MD5
  • pointed the AuthUserFile directive to the correct .htpaswd path
  • Restarted IIS and restarted my site
I'm using the freeware version of APE and IIS 7.5.

When I browse my site, I don't receive the auth prompt. The site remains browse-able, as if there is no authentication setup. I have experience with this in Apache, but I've never done it in IIS.

Any idea what's going on?

- Joe
Back to Top
 
Vyacheslav
Admin Group


Joined: 02 July 2008
Location: Ukraine
Posts: 1542
Posted: 18 April 2010 at 10:17am

Hello,
Leta��s make sure Apea��s set and working. Please provide me with error.log file records.
Thank you.

__________________
Slavik Shynkarenko,
Helicon Tech.
Back to Top Visit Vyacheslav's Homepage
 
jsauve
Newbie


Joined: 17 April 2010
Posts: 7
Posted: 18 April 2010 at 12:00pm

I wish I could IM this instead of posting here, but here it is:

[4/17/2010 2:40:28 PM] [LicenseManager] Site with id=1 is working with free license
[4/17/2010 2:40:28 PM] [cache_module] items stored in the cache: 0; bytes available for the cache: 1184972340, physical memory limit: 97%
[4/17/2010 2:41:16 PM] [LicenseManager] Site with id=1 is working with free license
[4/17/2010 2:41:16 PM] [cache_module] items stored in the cache: 0; bytes available for the cache: 1184972340, physical memory limit: 97%
[4/17/2010 2:48:17 PM] [LicenseManager] Site with id=1 is working with free license
[4/17/2010 2:48:17 PM] [ConfigLoader] C:\Program Files (x86)\Helicon\Ape\httpd.conf(83): Invalid command 'Header append Server "enhanced by Helicon Ape/3.0"' on line 83, perhaps misspelled or defined by a module not included in the server configuration
[4/17/2010 2:48:17 PM] [authn_file_module] (4) [/] Could not open password file: c:\inetpub\.htpasswds
[4/17/2010 2:48:17 PM] [ConfigLoader] (4) [/] c:\development\projects\[obfuscated]\nopcommercestore\.htaccess(11): Invalid command 'AuthUserFile c:\inetpub\.htpasswds' on line 11, perhaps misspelled or defined by a module not included in the server configuration
[4/17/2010 2:53:31 PM] [LicenseManager] Site with id=1 is working with free license
[4/17/2010 2:53:31 PM] [ConfigLoader] C:\Program Files (x86)\Helicon\Ape\httpd.conf(83): Invalid command 'Header append Server "enhanced by Helicon Ape/3.0"' on line 83, perhaps misspelled or defined by a module not included in the server configuration
[4/17/2010 3:25:28 PM] [LicenseManager] Site with id=1 is working with free license
[4/17/2010 3:25:28 PM] [ConfigLoader] C:\Program Files (x86)\Helicon\Ape\httpd.conf(83): Invalid command 'Header append Server "enhanced by Helicon Ape/3.0"' on line 83, perhaps misspelled or defined by a module not included in the server configuration
[4/17/2010 3:26:09 PM] [LicenseManager] Site with id=1 is working with free license
[4/17/2010 3:26:09 PM] [ConfigLoader] C:\Program Files (x86)\Helicon\Ape\httpd.conf(83): Invalid command 'Header append Server "enhanced by Helicon Ape/3.0"' on line 83, perhaps misspelled or defined by a module not included in the server configuration
[4/17/2010 3:26:31 PM] [LicenseManager] Site with id=1 is working with free license
[4/17/2010 3:26:31 PM] [ConfigLoader] C:\Program Files (x86)\Helicon\Ape\httpd.conf(83): Invalid command 'Header append Server "enhanced by Helicon Ape/3.0"' on line 83, perhaps misspelled or defined by a module not included in the server configuration
[4/17/2010 3:38:12 PM] [LicenseManager] Site with id=1 is working with free license
[4/17/2010 3:38:12 PM] [ConfigLoader] C:\Program Files (x86)\Helicon\Ape\httpd.conf(83): Invalid command 'Header append Server "enhanced by Helicon Ape/3.0"' on line 83, perhaps misspelled or defined by a module not included in the server configuration
[4/17/2010 4:52:50 PM] [LicenseManager] Site with id=1 is working with free license
[4/17/2010 4:52:50 PM] [ConfigLoader] C:\Program Files (x86)\Helicon\Ape\httpd.conf(83): Invalid command 'Header append Server "enhanced by Helicon Ape/3.0"' on line 83, perhaps misspelled or defined by a module not included in the server configuration
[4/18/2010 1:23:18 AM] [LicenseManager] Site with id=1 is working with free license
[4/18/2010 1:23:18 AM] [ConfigLoader] C:\Program Files (x86)\Helicon\Ape\httpd.conf(83): Invalid command 'Header append Server "enhanced by Helicon Ape/3.0"' on line 83, perhaps misspelled or defined by a module not included in the server configuration
[4/18/2010 9:07:14 AM] [LicenseManager] Site with id=1 is working with free license
[4/18/2010 9:07:14 AM] [ConfigLoader] C:\Program Files (x86)\Helicon\Ape\httpd.conf(83): Invalid command 'Header append Server "enhanced by Helicon Ape/3.0"' on line 83, perhaps misspelled or defined by a module not included in the server configuration
[4/18/2010 9:35:57 AM] [LicenseManager] Site with id=1 is working with free license
[4/18/2010 9:35:57 AM] [ConfigLoader] C:\Program Files (x86)\Helicon\Ape\httpd.conf(83): Invalid command 'Header append Server "enhanced by Helicon Ape/3.0"' on line 83, perhaps misspelled or defined by a module not included in the server configuration
[4/18/2010 9:38:41 AM] [LicenseManager] Site with id=1 is working with free license
[4/18/2010 9:38:41 AM] [ConfigLoader] C:\Program Files (x86)\Helicon\Ape\httpd.conf(83): Invalid command 'Header append Server "enhanced by Helicon Ape/3.0"' on line 83, perhaps misspelled or defined by a module not included in the server configuration
[4/18/2010 9:41:21 AM] [LicenseManager] Site with id=1 is working with free license
[4/18/2010 9:41:21 AM] [ConfigLoader] C:\Program Files (x86)\Helicon\Ape\httpd.conf(83): Invalid command 'Header append Server "enhanced by Helicon Ape/3.0"' on line 83, perhaps misspelled or defined by a module not included in the server configuration
[4/18/2010 10:01:37 AM] [LicenseManager] Site with id=1 is working with free license
[4/18/2010 10:01:37 AM] [ConfigLoader] C:\Program Files (x86)\Helicon\Ape\httpd.conf(83): Invalid command 'Header append Server "enhanced by Helicon Ape/3.0"' on line 83, perhaps misspelled or defined by a module not included in the server configuration
[4/18/2010 10:39:13 AM] [LicenseManager] Site with id=1 is working with free license
[4/18/2010 10:39:13 AM] [ConfigLoader] C:\Program Files (x86)\Helicon\Ape\httpd.conf(83): Invalid command 'Header append Server "enhanced by Helicon Ape/3.0"' on line 83, perhaps misspelled or defined by a module not included in the server configuration

That line about the .htpasswds has been fixed. My new htpasswd file is located elsewhere and is named ".htpasswd". I can't imagine that the header append command would make APE fail entirely, would it? This is also set in the main httpd.conf: "Options -StopOnError", which (according to the code comment above it), I interpret as "don't stop running if an error occurs".

Thanks in advance for your help.

- Joe

Back to Top
 
jsauve
Newbie


Joined: 17 April 2010
Posts: 7
Posted: 18 April 2010 at 12:28pm

I turned on detailed logging. Here's the most recent log entries:

[4/18/2010 12:22:46 PM] [LicenseManager] Site with id=1 is working with free license
[4/18/2010 12:22:46 PM] [mod_core_context] (8) [/[obfuscated].aspx] ConfigFactory.LoadHtaccess: c:\development\projects\[obfuscated]\nopcommercestore\.htaccess
[4/18/2010 12:22:46 PM] [authn_file_module] (8) [/[obfuscated].aspx] AuthUserFile: C:\development\projects\[obfuscated]\NopCommerceStore\.htpasswd
[4/18/2010 12:22:46 PM] [authn_file_module] (8) [/[obfuscated].aspx] user [obfuscated] added
[4/18/2010 12:22:46 PM] [mod_core_context] (8) [/App_Themes/Twilight/[obfuscated].css] ConfigFactory.LoadHtaccess:
[4/18/2010 12:22:46 PM] [mod_core_context] (8) [/App_Themes/Twilight/[obfuscated].css] ConfigFactory.LoadHtaccess:
[4/18/2010 12:22:47 PM] [mod_core_context] (8) [/Scripts/jquery-1.3.2.min.js] ConfigFactory.LoadHtaccess:
[4/18/2010 12:22:47 PM] [mod_core_context] (8) [/Scripts/jQueryUI/js/jquery-ui-1.7.2.custom.min.js] ConfigFactory.LoadHtaccess:
[4/18/2010 12:22:47 PM] [mod_core_context] (8) [/Scripts/jQueryUI/js/jquery-ui-1.7.2.custom.min.js] ConfigFactory.LoadHtaccess:
[4/18/2010 12:22:47 PM] [mod_core_context] (8) [/App_Themes/Twilight/images/bodybg.jpg] ConfigFactory.LoadHtaccess:
[4/18/2010 12:22:47 PM] [mod_core_context] (8) [/images/mobileapps.jpg] ConfigFactory.LoadHtaccess:
[4/18/2010 12:22:47 PM] [mod_core_context] (8) [/Services/RegionService.asmx/GetCountries] ConfigFactory.LoadHtaccess:

It appears that everything is loading OK, but I don't get any authorization prompt.

- Joe
Back to Top
 
Vyacheslav
Admin Group


Joined: 02 July 2008
Location: Ukraine
Posts: 1542
Posted: 19 April 2010 at 7:30am

Hello,
Thank you for the logs. Please try and comment out the Header directive at the end of the httpd.conf.

P.S.: You may use [email protected] to send private information.

__________________
Slavik Shynkarenko,
Helicon Tech.
Back to Top Visit Vyacheslav's Homepage
 
jsauve
Newbie


Joined: 17 April 2010
Posts: 7
Posted: 19 April 2010 at 6:24pm

Thanks for advice, but I'm still seeing the same results after commenting out the header directive: no prompt for authentication.

Perhaps I can just try it on my shared hosting account instead of my local IIS 7.5 instance?

Any advice that I need beyond placing the dll in my bin folder as specified here?: http://www.helicontech.com/ape/doc/minstall.htm

If this works, I'll definitely be purchasing at least one license because the HTTP Auth functionality is so important to me.

Thanks again,
- Joe


Edited by jsauve - 19 April 2010 at 6:28pm
Back to Top
 
jsauve
Newbie


Joined: 17 April 2010
Posts: 7
Posted: 19 April 2010 at 6:34pm

Aha!!! As soon as I installed the 45-day trial version, it started working! I got my auth prompt! Fantastic!

That's kinda weird though. You may want to check the most recent build of the freeware binary. Perhaps there's something wrong with it? Anyone else having problems?

Thanks again!!! So Happy!!!

- Joe
Back to Top
 
jsauve
Newbie


Joined: 17 April 2010
Posts: 7
Posted: 19 April 2010 at 7:18pm

Okay, so I'm thrilled, but here's a question:

Does the path specified in .htaccess for the location of .htpasswd NEED to be an absolute path. Can it be relative? I'm not so sure that I can figure out what the physical path of the site is on my shared hosting account.

I'll consult my host as well, but any advice would be appreciated. Thanks.

- Joe

UPDATE: Figured it out. I was able to retrieve the path by observing the Helicon errors.log.


Edited by jsauve - 19 April 2010 at 9:12pm
Back to Top
 
jsauve
Newbie


Joined: 17 April 2010
Posts: 7
Posted: 19 April 2010 at 9:37pm

ANOTHER issue I need help with:

When I run APE on my local IIS 7.5 box, everything works great. When I try this on my shared host, I have problems. The auth prompt comes up, but my username and password aren't working. I checked errors.log, but there seems to be no errors. To test my ".htpasswd" path, I changed the file name to ".htpassw" (removed the "d"), and then I started seeing errors. So, I changed it back.

I just also noticed this in the error.log: "Trial days left 0". How do I license my remote shared web host?

- Joe
Back to Top
 
Vyacheslav
Admin Group


Joined: 02 July 2008
Location: Ukraine
Posts: 1542
Posted: 20 April 2010 at 9:34am

Hello,
Unfortunately free version isna��t applicative for shared hosting. You may install it with administrator assistance only.

Here is a guide on how to install full version on shared hosting: http://helicontech.blogspot.com/2009/04/how-to-install-helicon-ape-on-shared.html

__________________
Slavik Shynkarenko,
Helicon Tech.
Back to Top Visit Vyacheslav's Homepage
 
satyenshah
Newbie


Joined: 24 June 2008
Posts: 11
Posted: 17 October 2010 at 10:38pm

I just noticed the same thing. On IIS7.5 with Apache Ape
0052 Free, I couldn't get the browser to prompt for
login. After I uninstalled the free version and
installed the 45-day trial, Ape worked fine.

From error.log:
Code:

[10/17/2010 11:31:00 PM] [authn_file_module] (8)
[/publicworks/sweeping/jj/] user test1 added
[10/17/2010 11:31:00 PM] [auth_basic_module] (8)
[/publicworks/sweeping/jj/] Authorization header not
found
[10/17/2010 11:31:10 PM] [auth_basic_module] (8)
[/publicworks/sweeping/jj/] auth provider: file
[10/17/2010 11:31:10 PM] [authz_user_module] (8)
[/publicworks/sweeping/jj/] valid-user found


With the free version, error.log would contain the first
line, but not the subsequent lines. The free version
would just deliver the content without authenticating.

(Also I own the server it's not shared)

Edited by satyenshah - 17 October 2010 at 10:42pm
Back to Top
 
Vyacheslav
Admin Group


Joined: 02 July 2008
Location: Ukraine
Posts: 1542
Posted: 20 October 2010 at 1:39am

Hello,
I’m sorry for delay.

Free version has no features limitation. Only amount of served websites is limited. I believe in case of Free version you haven’t enabled free license properly. You should use Helicon Ape Manager → Help → License Manager to set websites which should be server.
It’s also possible that you have inbuilt IIS authentication enabled. Please try and disable it.

__________________
Slavik Shynkarenko,
Helicon Tech.
Back to Top Visit Vyacheslav's Homepage
 
satyenshah
Newbie


Joined: 24 June 2008
Posts: 11
Posted: 21 October 2010 at 12:35am

Yes that fixed it. Helicon Ape Free started working after I checked off the website in License Manager. Thank you!
Back to Top
 

Sorry, you can NOT post a reply.
This forum has been locked by a forum administrator.

Printable version Printable version