httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: htaccess files
Date Tue, 09 Jul 2002 07:44:28 GMT
>From: Tariq Dalvi [mailto:tariq@sitesdesigners.com]
>Hello there,
>Try this tag ofcourse change user tariq to whwtever you have login name
>in your .htpasswd as well as AuthName. second in httpd.conf
>change Directory block of members to AllowOverride all
>
>AuthName tariq 
>AuthType Basic
>AuthUserFile c:\apache\htdocs\members\.htpasswd
><Limit GET POST PUT DELETE>
>Require valid-user
></Limit> 
>require user tariq

I don't want to be a smarty-pants but just to be clear - "AuthName" is the string which will
appear in the pop-up window (officially called the "Realm"). It doesn't need to be (and probably
shouldn't be) a user name. Most people put something like:

AuthName "Member Section"
or
AuthName "Restricted Area"

Also, be careful using <Limit> - what this says is: "Let in anyone using any method
except GET, POST, PUT, or DELETE". Since apache doesn't support PUT there's not much point
putting PUT. In practice, the only important methods are GET and POST so you'd be just as
well removing the <Limit> altogether (the default is to apply the directives to all
methods). Only use <Limit> if you fully understand what it does and why you need it
(e.g. you might have an area where you don't mind people accessing pages but want to authenticate
them if they post data in a form. Then you'd do <Limit POST>...)

Your point about "AllowOverride all" (or "AllowOverride AuthConfig") is quite correct and,
I believe, the source of the original poster's problems.

Rgds,

Owen Boyle
Mime
View raw message