Return-Path: 
 <users-return-24775-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 1486 invoked by uid 500); 28 Mar 2003 00:26:36 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
list-post: <mailto:users@httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 1473 invoked from network); 28 Mar 2003 00:26:36 -0000
Received: from tomts12.bellnexxia.net (HELO tomts12-srv.bellnexxia.net)
 (209.226.175.56)
  by daedalus.apache.org with SMTP; 28 Mar 2003 00:26:36 -0000
Received: from RM505.mgmt.mcgill.ca ([67.68.69.113])
          by tomts12-srv.bellnexxia.net
          (InterMail vM.5.01.04.19 201-253-122-122-119-20020516) with ESMTP
          id
 <20030328002641.SVPH23066.tomts12-srv.bellnexxia.net@RM505.mgmt.mcgill.ca>
          for <users@httpd.apache.org>; Thu, 27 Mar 2003 19:26:41 -0500
Date: Thu, 27 Mar 2003 19:25:16 -0500 (Eastern Standard Time)
From: Joshua Slive <joshua@slive.ca>
To: apache-users <users@httpd.apache.org>
In-Reply-To: <1048807454.2077.87.camel@move>
Message-ID: <Pine.WNT.4.52.0303271921360.1132@RM505.mgmt.mcgill.ca>
References: <1048807454.2077.87.camel@move>
X-X-Sender: slive@exchange.commerce.ubc.ca
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
Subject: Re: [users@httpd] Scriptaliased directory authentication problem


On Thu, 27 Mar 2003, will wrote:
> and this ScriptAlias directive in every VirtualHost container:
>
> ScriptAlias /stats/statistics /srv/www/cgi-local

You don't need to put the ScriptAlias in every vhost container.
Putting it once outside any vhost should suffice.

> <Limit GET>
> order deny,allow
> allow from all
> require user will
> </Limit>

Remove the <Limit GET> and <Limit> lines.  They are a security risk,
especially in a cgi directory.  See the docs on <limit> for more info.

> Unfortunatly the authentication does not work, I have fiddled with the
> config and it seems to be completely ignoring the .htaccess file.  Does
> anyone have any ideas why this is?  I don't want to put a .htaccess file
> in /srv/www/cgi-local, I would rather manage the users access at the
> virtualhost level.  Anyone any ideas about this?

Most likely you have another AllowOverride for that directory that is
turning off htaccess checking.  Search your httpd.conf for ALL
AllowOverride.

But an even better idea is to forget about the .htaccess and place the
auth directives directly in httpd.conf inside the relevant <directory>
section.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org