Re: Apache-Problem (htaccess - not a config-problem)

To: debian-apache@lists.debian.org
Subject: Re: Apache-Problem (htaccess - not a config-problem)
From: Andrew Shugg <andrew@neep.com.au>
Date: Thu, 12 Sep 2002 15:10:10 +0800
Message-id: <[🔎] 20020912151003.B27224@neep.com.au>
Mail-followup-to: debian-apache@lists.debian.org
In-reply-to: <[🔎] 20020902160419.2fe46647.osass@ix.urz.uni-heidelberg.de>; from osass@ix.urz.uni-heidelberg.de on Mon, Sep 02, 2002 at 04:04:19PM +0200
References: <[🔎] 20020902160419.2fe46647.osass@ix.urz.uni-heidelberg.de>

Oliver Sass said:
> Dear Apache-Experts!

We're not that ... read the mailing list manifesto on the Debian mailing
lists page.

> I have a strange problem with a simple task of configuration on our
> Apache 1.3.26 www-server on an "old potato updated to woody"-Debian. 
> Therefore I would be very gratefull if I could get replies.

This is sad indeed.  I am deeply sorry that you have fallen upon such
hard times.

> The task: Granting access to directories to certain users on a simple
> user/password basis, using simple authentification and .htaccess-files.
> This had been working very well for a long time.
> 
> The problem: After I had installed and uninstalled mySQL-server/client,
> horde and imp - it stopped working. (Or let's say, after a log
> time...)
> 
> The symptomes: .htaccess-files are parsed - for when I write impropper
> syntax, apache writes errormessages. It looks as if only the
> AuthUserFile-information is simply ignored. When one tries to login,
> apache claims in its error-log that it couldn't find the user in the
> restricted web-directory (nonsense!).
> ([error] user testuser not found: /restricted_dir/)

If that's what it claims, then that is what has happened.  It's not
smart enough to make up lies to trick you!

> My homework: I read 20 manuals and I have checked every setting and
> every line in /etc/apache/httpd.conf. Everything is set correctly. I
> have checked each and every .htaccess-file and regenarated the
> password-files: It did not work.  I have moved the syntax from the
> .htaccess-file to the httpd.conf-file as directory-directive: It did not
> change anything. I have removed the webserver from the system, removed
> the rest by hand and reinstalled everything from another source: this
> didn'd change a thing. And at last I had tried to change the combination of
> modules, which was quite confusing in the results, but it didn't change
> my problem. (Which modules are needed for minimal restriction, anyway?)
> 
> I wrote Emails to apache and to the maintainer of the debian-package,
> but I didn't get any answers yet. Does anybody have an idea about this
> strange behavior? (Of the server, of course..)

That's because they're busy and don't have time to answer everybody's
questions.  Of course in an ideal world, they would; but in an ideal
world you wouldn't be having this problem either ...

> Thank you very much in forward to any suggestions.
> Greetings,
> Oliver
> 
> 
> ps. some configurations:
> 
> AllowOverride is set to All everywhere.
> My directives for an example-directory in httpd.conf:
> 
> <Directory "/usr/local/httpd/htdocs/restricted_dir">
> AuthType Basic
> require valid-user
> Satisfy all
> AuthName "test"
> AuthUserFile /etc/apache/access_files/testdir
> </Directory>

Can the user the web server runs as(*) read /etc/apache/access_files/testdir?
Does it have access (+x) permission on  /etc/apache/access_files,
/etc/apache and /etc?  Have you tried different web browsers?  Have you
tried saving a backup of your Apache config, removing the server and
then reinstalling it with the default configuration?

See what modules are loaded.  Turning on the server-info handler (with
access restrictions for localhost only) and browsing /server-info will
show you what modules are loaded and how they're configured.

	<Location /server-info>
	SetHandler server-info

	order deny,allow
	deny from all
	allow from localhost
	</Location>

Make sure that the mod_auth module is enabled in httpd.conf!

What I think might have happened is the ugprade of the apache packages
from potato to woody may have run the apacheconfig script to create a
new config file; if it didn't know about the modules you'd enabled
before, then you may have got a default set without the authentication.
See if there's an httpd.conf.O file, which would indicate that a new
config file had been created and your old one saved with that name.

But if mod_auth isn't loaded, Apache should spit the dummy at your
various Auth* directives, so I don't know what's really wrong ...

In closing, I don't think you've proved that this is an Apache problem
and not a config problem.  Check it again carefully!

Andrew.

*  grep ^User /etc/apache/*conf

-- 
Andrew Shugg <andrew@neep.com.au>                   http://www.neep.com.au/

"Just remember, Mr Fawlty, there's always someone worse off than yourself."
"Is there?  Well I'd like to meet him.  I could do with a good laugh."

Reply to:

Follow-Ups:
- Re: Apache-Problem (htaccess - not a config-problem)
  - From: O Sass <osass@ix.urz.uni-heidelberg.de>

References:
- Apache-Problem (htaccess - not a config-problem)
  - From: O Sass <osass@ix.urz.uni-heidelberg.de>

Prev by Date: Partnership
Next by Date: Re: Apache-Problem (htaccess - not a config-problem)
Previous by thread: Apache-Problem (htaccess - not a config-problem)
Next by thread: Re: Apache-Problem (htaccess - not a config-problem)
Index(es):
- Date
- Thread