Re: htaccess failure

To: Martin WHEELER <mwheeler@startext.co.uk>
Cc: debian-isp <debian-isp@lists.debian.org>
Subject: Re: htaccess failure
From: Bart-Jan Vrielink <bartjan@vrielink.net>
Date: Tue, 20 Feb 2001 14:59:00 +0100 (CET)
Message-id: <Pine.LNX.4.21.0102201453520.1537-100000@vrielink>
In-reply-to: <Pine.LNX.4.21.0102192148061.10054-100000@startext.demon.co.uk>

On Mon, 19 Feb 2001, Martin WHEELER wrote:

> To my knowledge, protecting a directory using the .htaccess file method
> has always worked without a hitch for me on my local machine (Debian
> 2.2r2 + proposed-updates) -- but has "suddenly" stopped functioning.
> 
>  mwheeler@startext:~$ apache -v
>  Server version: Apache/1.3.9 (Unix) Debian/GNU
>  Server built:   Jan 26 2001 00:10:13
> 
> is what I'm running (stable hasn't progressed to 1.3.12 yet); the
> access.conf file contains:
> 
>  <Directory /var/www>
>   Options Includes Indexes FollowSymLinks
>   AllowOverride None

The line above means "ignore any .htaccess files in this directory". I
don't think you'll want that :)
I think you'll want that line to read
AllowOverride AuthConfig

>   order allow,deny
>   allow from all
>  </Directory>
> 
> and:
> 
>  # Do not allow retrieval of the override files, a standard security
>  measure.
>  <Files .htaccess>
>   order allow,deny
>   deny from all
>  </Files>
> 
> srm.conf contains:
> 
>  # AccessFileName: The name of the file to look for in each directory
>  # for access control information.
>  AccessFileName .htaccess
>  
> but no way will Apache stop and ask for authentication when any user
> goes into any directory containing a valid .htaccess file pointing to a 
> valid htusers/.htpasswd data file.

-- 
Tot ziens,

Bart-Jan

Reply to:

References:
- htaccess failure
  - From: Martin WHEELER <mwheeler@startext.co.uk>

Prev by Date: Re: htaccess failure
Next by Date: Re: htaccess failure
Previous by thread: Re: htaccess failure
Next by thread: Boot procedure on old SPARCs
Index(es):
- Date
- Thread