httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "J. Greenlees" <>
Subject Re: [users@httpd] .htaccess and the cgi-bin
Date Mon, 09 Dec 2002 00:39:49 GMT

Steve Winter wrote:

> 1.  I would like to be able to secure a sub folder of the cgi-bin so 
> that it requires authentication to access any of the scripts contained 
> there within.  I've tried putting a copy of an .htaccess file which I 
> know is properly configured in there, however it still allows 
> unrestricted access.  Is there any 'trick' to configuring .htaccess for 
> cgi-bin folders, is it simply 'not possible' or is it just that I'm 
> lousing things up...??..
have you allowed overrides through the .htaccess in the configuration file?

# AccessFileName: The name of the file to look for in each directory
# for access control information.
AccessFileName .htaccess

# The following lines prevent .htaccess files from being viewed by
# Web clients.  Since .htaccess files often contain authorization
# information, access is disallowed for security reasons.  Comment
# these lines out if you want Web visitors to see the contents of
# .htaccess files.  If you change the AccessFileName directive above,
# be sure to make the corresponding changes here.
# Also, folks tend to use names such as .htpasswd for password
# files, so this will protect those as well.
<Files ~ "^\.ht">
     Order allow,deny
     Deny from all
also, you will need to set up and configure an authorisation file, with 
a list of users authorised to access the directory.
and a password file to keep thier passwords in.

> 2.  Our organisation hosts websites free of charge for approx 120 New 
> Zealand schools, and to date have received a number of requests to be 
> able to password protect areas of their site, which I have been able to 
> do for them manually, however I would like to transfer much of the 
> administration of this to the individual schools to maintain. For each 
> school I've set up an .htpasswd file in their root directory, and 
> provided a web based form which enables them to encrypt passwords to add 
> to that file, which they can access via ftp as it's in their root 
> folder.  My concern comes in that in the .htaccess file I seem to have 
> to provide an explicit reference to the location of the file on my hard 
> drive (of the type c:/server/roadshow/schools/yourschool/.htpasswd).  
> Now I don't really want all of these users to have that much information 
> about the structure of my hard drive, so I wanted to have .htaccess 
> reference .htpasswd through a relative reference, however I can't seem 
> to figure out how to do it possible...??
> Thanks for taking the time to read through my requests.  I hope that 
> someone may be able to help me.
> Kind regards
> Steve
> +------------------------------------------------------------------+
>             Steve Winter, Assistant Director
>   National Science-Technology Roadshow Trust
>                 P.O. Box 12662, Wellington
>                           New Zealand
>                    Phone +64 27 434 1577
>                       Fax +64 8 326 3263
>           <>
> +-------------------------------------------------------------------+

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message