httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Wilson <>
Subject Re: Logging users of protected resources...
Date Wed, 29 Mar 1995 14:00:21 GMT
> > 3)	Does anyone run any form of .htaccess protection on files that they
> > 	include into their documents?
> > 
> > As it stands the logfile is pretty useless for user tracking when the site also
> > makes heavy use of <!--#include file="foo" -->.  I think it's important that
> > 0.4 carries a useful fix, and I can patch it up if people want.
> Yes, we use this extensively (more for included CGI scripts that must 
> know who the REMOTE_USER is).

Understood.  Suppose than you have a set of cgi-bin scripts that provide
access to a set of related files held in some other part of the server's
space.  In one scenario I can think of (one I'm using) you'd have identical
.htaccess files in the /cgi-bin/ directory and in the /related-files/ directory.
Does this sound ok so far?

Ok, so is there any likelyhood that these two htaccess files would be
different?  Would a user need to enter a uid/pwd pair to access the
/related-files/ which was different to the one needed to access the /cgi-bin/
scripts?  I'd say not, but are you using the htaccess system in a different way?

I've put a NEW VERSION of the B00042 in incoming, called *gasp*:


which records the 'user' entry in the log file properly.  It supercedes the


patch.  I goofed in version 1, it's not been a good week.


     Andrew Wilson	     URL:
Elsevier Science, Oxford   Office: +44 0865 843155     Mobile: +44 0589 616144

View raw message