httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pontus Falk" <pontus.f...@fro.se>
Subject RE: [users@httpd] Access control
Date Wed, 30 Oct 2002 09:39:04 GMT
Thank you very much, I'm sure I'll get it to work now - I'm going to try
it out later today..!

/Pontus

> You are getting a bit mixed up with the two methods of obtaining
> password protection.
>
> EITHER:
>
> put all the directives in a <Directory> container in httpd.conf and DO
> NOT use a .htaccess file. You then don't need an AllowOverride
> directive, e.g.
>
> in httpd.conf:
>
> <Directory /var/www/html/jonny>
> AuthType Basic
> AuthName "Test"
> AuthUserFile   /var/www/html/.htpasswd
> require valid-user
> </Directory>
>
> OR:
>
> put an AllowOverride directive in a <Directory> container in httpd.conf
> and DO use a .htaccess file in the directory, e.g.
>
> in httpd.conf:
>
> <Directory /var/www/html/jonny>
>   AllowOverride AuthConfig
> </Directory>
>
> and in .htaccess:
>
> AuthType Basic
> AuthName "Test"
> AuthUserFile   /var/www/html/.htpasswd
> require valid-user
>
> NOTE:
>
> - you DO NOT need <Directory> container in the .htaccess file
> - the AllowOverride AuthConfig refers to the directory to be protected
> (or a superior directory)
> - you have your .htpasswd file under the document root - this is a BAD
> IDEA as anyone can browse it. Move it away from the docroot (it can be
> anywhere on the filesystem)
>
>
> -----Original Message-----
> From: Pontus Falk [mailto:pontus.falk@fro.se]
> Sent: Mittwoch, 30. Oktober 2002 08:01
> To: users@httpd.apache.org
> Subject: [users@httpd] Access control
>
>
> Hi!
>
> At last I've got the access control using a .htaccess file to work
> properly.
>
> Now I would like to know if there is any risk by changing the
> AllowOverride option from None to AuthConfig in the <Directory
> "/var/www/html"> section (/var/www/html is the DocumentRoot)? Is it
> better
> to make a separate <Directory> section for each directory I would like
> to
> protect using a .htaccess file?
>
> Regards,
>
> Pontus
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
> This message is for the named person's use only. It may contain
> confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any mistransmission.
> If you receive this message in error, please notify the sender urgently
> and then immediately delete the message and any copies of it from your
> system. Please also immediately destroy any hardcopies of the message.
> You must not, directly or indirectly, use, disclose, distribute, print,
> or copy any part of this message if you are not the intended recipient.
> The sender's company reserves the right to monitor all e-mail
> communications through their networks. Any views expressed in this
> message are those of the individual sender, except where the message
> states otherwise and the sender is authorised to state them to be the
> views of the sender's company.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project. See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message