httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <>
Subject RE: [users@httpd] .htaccess causes 500 Internal Server Error
Date Tue, 17 Dec 2002 08:06:52 GMT
I think the problem occurs when you get authenticated and the server
tries to serve up secret/index.html. How come you get a 500 from a plain
HTML file? Is it really a plain HTML file? Has it got something funny
inside it? Do you have any redirects to CGIs or something? Also, who is
user "notme" who appears in the logfile but not in the input?

500 is the response to the failure of a shell spawned by the server -
usually as a result of a CGI call. So it is very odd to get one when you
serve a plain HTML.

Your AuthStuff is fine, by the way...


Owen Boyle

>-----Original Message-----
>From: []
>Sent: Montag, 16. Dezember 2002 18:14
>Subject: [users@httpd] .htaccess causes 500 Internal Server Error
>Note: After attempting to replicate my problem while typing this
>email, I managed to find something that works.  Ain't that always the
>way?  :-)
>So, to summarise:
>.htaccess files are causing '500 Internal Server Error' when using
>'require user foo' or 'require valid-user'
>I see 'configuration error: couldn't check access.  No groups file?'
>in my error.log
>This is "Apache/2.1.0-dev (Unix) DAV/2 SVN/0.15.0 (dev build) Server
>at Port 80"
>What have I done wrong?  What module did I forget to load?
>Instead, I'm going to use 'require group foo', which does appear to be
>The gory details:
>I'm attempting to set up a password-protected portion of my website.
>Clients will generally be using IE.
>The test site is at
>I've edited my /etc/apache2/sites-available/ file to
>contain the following:
>        <Directory /var/www/>
>                AllowOverride AuthConfig
>        </Directory>
>Without /var/www/ present, the
>password prompt doesn't appear and the user can access the content
>with no problem.
>If I create the .htaccess file:
>peculiar:/var/www/> ls -al
>total 16
>drwxr-sr-x    2 roger    www          4096 Dec 16 16:47 ./
>drwxr-sr-x    6 roger    www          4096 Dec 16 16:33 ../
>-rw-r--r--    1 roger    www           198 Dec 16 16:41 .htaccess
>-rw-r--r--    1 roger    www           175 Dec 16 16:37 index.html
>peculiar:/var/www/> cat .htaccess 
>AuthType Basic
>AuthName "Password Required"
>AuthUserFile /var/www/
>require user roger
>I created the password file using:
>/usr/local/apache2/bin/htpasswd -c password.file roger
>New password: 
>Re-type new password: 
>Adding password for user roger
>peculiar:/var/www/> ls -al
>total 12
>drwxr-sr-x    2 roger    www          4096 Dec 16 16:40 ./
>drwxrwsr-x    5 root     www          4096 Dec  3 12:02 ../
>-rw-r--r--    1 roger    www            20 Dec 16 16:40 password.file
>peculiar:/var/www/> cat password.file 
>The password is 'foo'.  I'm not worried about telling you this.
>There's nothing actually secret at that location ;-)
>Having done that, I'm prompted for a user ID and password.  If I enter
>the wrong user ID/password, the dialog box remains on the screen.
>If I enter the correct user ID/password, I get a 500 Internal 
>Server Failure.
>The log file contains:
>[Mon Dec 16 16:53:12 2002] [error] [client] 
>user notme not found: /secret/index.html
>[Mon Dec 16 16:53:30 2002] [crit] [client] 
>configuration error:  couldn't check access.  No groups file?: 
>If I create a groups file, as suggested by the error:
>peculiar:/var/www/> cat .htaccess    
>AuthType Basic
>AuthName "Password Required"
>AuthUserFile /var/www/
>AuthGroupFile /var/www/
>require group admins
>peculiar:/var/www/> ls -al group.file 
>-rw-r--r--    1 roger    www            15 Dec 16 17:02 group.file
>peculiar:/var/www/> cat group.file 
>admins: roger
>...then it works fine.  The _problem_ comes from the fact that if I
>leave the group file in place, and go back to 'require user roger',
>then I still get the 500.  Same if I use 'require valid-user'.
>I'm using Apache 2.1.0 from CVS, but I'm guessing that it won't have
>changed too much from Apache 2.0.4x.  Correct me if I'm wrong.
>The official User-To-User support forum of the Apache HTTP 
>Server Project.
>See <URL:> for more info.
>To unsubscribe, e-mail:
>   "   from the digest:
>For additional commands, e-mail:

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message