httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Owen Boyle <>
Subject Re: restrict access to a directory
Date Thu, 25 Apr 2002 10:52:18 GMT

> what i mean by neither seem to work, is that I can always see 
> all files in the directory. Access controll appears
> not to be working at all. no errors, just lets me see all 
> files without promting for a password

OK. So your server is working, it is just not engaging the
authorisation. Double-check the following:

- the Directory container defines the directory you want to protect.

- the AuthUserFile exits and contains real user:pass pairs. Be careful
of the warning in the docs: "If your AuthUserFile includes a line
containing only a colon (':'), a 'Require valid-user' will allow access
if both the username and password in the credentials are omitted. "

- remember that if you gain access ONCE, your browser will have free
access thereafter (it caches the user:pass pair). To retest after one
access, you must restart your browser...

- If you suspect a sticky browser, test the server from the command

# telnet server 80
GET /path/to/dir HTTP/1.0
<two returns>

You should see:

HTTP/1.1 401 Authorization Required


Owen Boyle.

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message