httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject Re: [users@httpd] Scriptaliased directory authentication problem
Date Fri, 28 Mar 2003 00:25:16 GMT

On Thu, 27 Mar 2003, will wrote:
> and this ScriptAlias directive in every VirtualHost container:
>
> ScriptAlias /stats/statistics /srv/www/cgi-local

You don't need to put the ScriptAlias in every vhost container.
Putting it once outside any vhost should suffice.

> <Limit GET>
> order deny,allow
> allow from all
> require user will
> </Limit>

Remove the <Limit GET> and <Limit> lines.  They are a security risk,
especially in a cgi directory.  See the docs on <limit> for more info.

> Unfortunatly the authentication does not work, I have fiddled with the
> config and it seems to be completely ignoring the .htaccess file.  Does
> anyone have any ideas why this is?  I don't want to put a .htaccess file
> in /srv/www/cgi-local, I would rather manage the users access at the
> virtualhost level.  Anyone any ideas about this?

Most likely you have another AllowOverride for that directory that is
turning off htaccess checking.  Search your httpd.conf for ALL
AllowOverride.

But an even better idea is to forget about the .htaccess and place the
auth directives directly in httpd.conf inside the relevant <directory>
section.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message