httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert L. Harris" <Robert.L.Har...@rdlg.net>
Subject [users@httpd] apache2 and htaccess files?
Date Wed, 18 Jun 2003 15:46:03 GMT

I'm trying to lock down some directories on a server before I put it
live.  The .htaccess files though seem to have no bearing and are not
preventing anyone anywhere from accessing the site.  Here's what I have:

Debian unstable, kernel 2.4.21 (same problem since kernel 2.4.18 though)

dpkg -l | grep -i apache:
ii  apache2-common 2.0.46-3       Next generation, scalable, extendable web se
ii  apache2-mpm-wo 2.0.46-3       High speed threaded model for Apache2
ii  libapache-mod- 2.8.14-3.0.ipv Documentation for Apache module mod_ssl
ii  libapr0        2.0.46-3       The Apache Portable Runtime

root      9688     1  0 Jun12 ?        00:00:13 /usr/sbin/apache2 -k start -DSSL
www-data 27866  9688  0 11:29 ?        00:00:00 /usr/sbin/apache2 -k start -DSSL
.
.<more children>


Snippets from my /etc/apache2/apache.conf:

AccessFileName .htaccess
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>

<Directory />
    Options FollowSymLinks
#    AllowOverride None
    AllowOverride AuthConfig
</Directory>

<Directory /cgi-bin/roast/root>
   AllowOverride AuthConfig
   Order deny,allow
   Deny from all
</Directory>


/cgi-bin/roast/root/.htaccess:
{0}:>ls -la .htaccess
-rwxr-xr-x    1 www-data www-data      174 Apr 15 10:40 .htaccess

root@wally
{0}:>cat .htaccess
AuthType Basic
AuthName "Password Required"
AuthUserFile /var/www/passwords/password.file.roast.rdlg
#AuthGroupFile /var/www/passwords/group.file
Require user nomad mamma


{0}:>ls -la /var/www/passwords/password.file.roast.rdlg
-rw-r-----    1 www-data www-data       40 Jun 12 20:51 /var/www/passwords/password.file.roast.rdlg

{0}:>cat /var/www/passwords/password.file.idsadmin.rdlg
mamma:B0avyPzxbvqEo
nomad:FT8afZBwnSulo


If I hit http://server/cgi-bin/roast/root/base.cgi it loads up and displays the
output of the base.cgi script just fine without prompting for a password
of any sort.

Help?
  Thanks,
    Robert






:wq!
---------------------------------------------------------------------------
Robert L. Harris                     | GPG Key ID: E344DA3B
                                         @ x-hkp://pgp.mit.edu
DISCLAIMER:
      These are MY OPINIONS ALONE.  I speak for no-one else.

Diagnosis: witzelsucht

IPv6 = robert@ipv6.rdlg.net	http://ipv6.rdlg.net
IPv4 = robert@mail.rdlg.net	http://www.rdlg.net

Mime
View raw message