httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Owen Boyle <...@bourse.ch>
Subject Re: help setting up .htaccess with virtual hosts
Date Tue, 09 Apr 2002 13:54:40 GMT
Stephen Bopple wrote:
> 
> Hello,
> 
> Question regarding setting up .htaccess and virtual hosts.  First I've read everything
I think I can on the Apache website and in the O'Reilly book and I'm still unsure exactly
how to go about this.  Basically, I have a webserver setup for virtual hosting.  What I want
to do is setup one password protected directory in one vitual account that has already fancy
indexing enabled.  In the past I'd tried enabling .htaccess in the main (or global section)
of httpd.conf, but it was ignored when I would setup a .htaccess file in a given - and furthermore
it began to mess up access to everyone's php web based email.
> 
> What is the preferred, or correct way of doing this?  I can provide my httpd.conf and
other info.

It is a popular misconception that .htaccess files are necessary to
enable password access. They're not.

.htaccess allows you to put a certain subset of directives in a local
file which will apply only to the directory that the .htaccess file
appears in... provided you have said "AllowOverride <something>" in
httpd.conf. Often, people put the directives necessary for
authentication (password access) into a .htaccess file - but it's not
essential that they go there. 

Personally, I find that .htaccess files give the user so much rope that
he usually ends up shooting himself in the foot. So I disable .htaccess
globally (AllowOverride None at the docroot), then I set up
authentication in a <Directory> container. All you need is:

<Directory /path/to/protected/dir>
    AuthType            Basic
    AuthName            "Member Section"
    AuthUserFile        /path/to/password/file
    require             valid-user
</Directory>

If you insist on using .htaccess, put the four mod_auth directives in
the .htaccess file, then do;

<Directory /path/to/protected/dir>
    AllowOverride All
</Directory>

in the config.

Rgds,

Owen Boyle.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message