Re: htaccess failure
On Mon, 19 Feb 2001, Martin WHEELER wrote:
> To my knowledge, protecting a directory using the .htaccess file method
> has always worked without a hitch for me on my local machine (Debian
> 2.2r2 + proposed-updates) -- but has "suddenly" stopped functioning.
>
> mwheeler@startext:~$ apache -v
> Server version: Apache/1.3.9 (Unix) Debian/GNU
> Server built: Jan 26 2001 00:10:13
>
> is what I'm running (stable hasn't progressed to 1.3.12 yet); the
> access.conf file contains:
>
> <Directory /var/www>
> Options Includes Indexes FollowSymLinks
> AllowOverride None
The line above means "ignore any .htaccess files in this directory". I
don't think you'll want that :)
I think you'll want that line to read
AllowOverride AuthConfig
> order allow,deny
> allow from all
> </Directory>
>
> and:
>
> # Do not allow retrieval of the override files, a standard security
> measure.
> <Files .htaccess>
> order allow,deny
> deny from all
> </Files>
>
> srm.conf contains:
>
> # AccessFileName: The name of the file to look for in each directory
> # for access control information.
> AccessFileName .htaccess
>
> but no way will Apache stop and ask for authentication when any user
> goes into any directory containing a valid .htaccess file pointing to a
> valid htusers/.htpasswd data file.
--
Tot ziens,
Bart-Jan
Reply to: