httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stephen Bopple" <>
Subject Re: help setting up .htaccess with virtual hosts
Date Tue, 09 Apr 2002 14:27:13 GMT
In the main configuration area of httpd.conf I have following:

<Directory />
  Options     FollowSymLinks
  AllowOverride    None

then later I have:

AllowOverride    Authconfig
#AccessFilename    .htaccess

In a virtual hosting account you'll find (forgive artistic license here)


DocumentRoot    /home/mojo/secksz
<Directory /home/mojo/secksz/ummm>
Options +Indexes


So I think I like the idea of setting authentication without the use of .htaccess - although
I've noticed that some
weblog packages require .htaccess to be enabled.

If I understand correctly I'll do the following:

<Directory  /home/mojo/secksz/ummm>
Options   +Indexes
AuthType    Basic
AuthName   "Member Section"
AuthUserFile  /home/mojo/password
require    valid-user

I'll use the htpassword function to creat the password file, yes?  And the purpose of AuthName
- this is the text that will show up in the username/password box which shows up?

Thanks again


>.htaccess allows you to put a certain subset of directives in a local
>file which will apply only to the directory that the .htaccess file
>appears in... provided you have said "AllowOverride <something>" in
>httpd.conf. Often, people put the directives necessary for
>authentication (password access) into a .htaccess file - but it's not
>essential that they go there. 

>Personally, I find that .htaccess files give the user so much rope that
>he usually ends up shooting himself in the foot. So I disable .htaccess
>globally (AllowOverride None at the docroot), then I set up
>authentication in a <Directory> container. All you need is:

><Directory /path/to/protected/dir>
>   AuthType            Basic
>    AuthName            "Member Section"
>    AuthUserFile        /path/to/password/file
 >   require             valid-user

>If you insist on using .htaccess, put the four mod_auth directives in
>the .htaccess file, then do;

><Directory /path/to/protected/dir>
>    AllowOverride All

>in the config.


Owen Boyle.

Steve Bopple, P.E.
Environmental Engineer, Ohio EPA
330-963-1199 (direct)

"Seabees - We Build, We Fight"

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message