Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
From: "Wouter van Vliet" <wouter@springt.nl>
To: <users@httpd.apache.org>
Date: Fri, 21 Nov 2003 10:29:21 +0100
Message-ID: <NMEAKPCLPANNJPNMHPNGAEOBCAAA.wouter@springt.nl>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
In-Reply-To: 
 <FAB6A3A2CC5BDB448DADFA1C8C0752965F739A@SOMEXEVS001.ex.ordersx.org>
Importance: Normal
Subject: RE: [users@httpd] .htaccess

As for generating htpasswd files and security of the .ht* files .. you can
ignore access to them with a <Files> directive, smth like

	<Files /^\.ht.*$/>
		Deny from all
	<Files>

would work. If you want to be sure about the syntax, check the docs at
apache.org... that will help you out.

Now generating .htpasswd entries.. Just provide the windows binary for that
somewhere to your users with some instructions. That's by far the most easy
way. Anybody knows if that's allowed by the license of Apache?

Grtx,
Wouter


> -----Oorspronkelijk bericht-----
> Van: Boyle Owen [mailto:Owen.Boyle@swx.com]
> Verzonden: vrijdag 21 november 2003 9:58
> Aan: users@httpd.apache.org
> Onderwerp: RE: [users@httpd] .htaccess
>
>
> >-----Original Message-----
> >From: Duane Barnes [mailto:dbarnes@power1.com]
> >
> >Is there a way to allow ftp users to generate their own .htaccess and
> >.htpasswd files?
>
> A .htaccess file is just another file which happens to contain apache
> directives that you want to apply to the directory. The FTP-user can
> write one locally and upload it via FTP just as easily as he can upload
> an HTML or GIF or whatever. The trick from your side is that you have to
> "AllowOverride <something>" in the apache config for that dir so that
> apache is allowed to act upon the .htaccess directives.
>
> The .htpasswd file contains username;password pairs and is used to
> control access to a "realm" (ie a directory with behind a password
> challenge). Again, the user can upload this file as easily as any other,
> with a couple of caveats:
>
> - it is not normally a good idea to put a password file in the webspace;
> unless you don't mind people viewing it, you'd have to protect it from
> being accessed. Usually, it is safer to put password files outside the
> apache document tree.
> - your user will need access to the "htpasswd" binary to create the
> files in the first place (I suspect this might be the main point of your
> question). There is no built-in way for clients to access this program -
> you would have to craft a solution in CGI or something...
>
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message may be ignored.
>
>
> >
> >
> >---------------------------------------------------------------------
> >The official User-To-User support forum of the Apache HTTP
> >Server Project.
> >See <URL:http://httpd.apache.org/userslist.html> for more info.
> >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
> Diese E-mail ist eine private und pers�nliche Kommunikation. Sie hat
> keinen Bezug zur B�rsen- bzw. Gesch�ftst�tigkeit der SWX Swiss Exchange.
> This e-mail is of a private and personal nature. It is not related to
> the exchange or business activities of the SWX Swiss Exchange. Le
> pr�sent e-mail est un message priv� et personnel, sans rapport avec
> l'activit� boursi�re de la SWX Swiss Exchange.
>
> This message is for the named person's use only. It may contain
> confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any mistransmission.
> If you receive this message in error, please notify the sender urgently
> and then immediately delete the message and any copies of it from your
> system. Please also immediately destroy any hardcopies of the message.
> You must not, directly or indirectly, use, disclose, distribute, print,
> or copy any part of this message if you are not the intended recipient.
> The sender's company reserves the right to monitor all e-mail
> communications through their networks. Any views expressed in this
> message are those of the individual sender, except where the message
> states otherwise and the sender is authorised to state them to be the
> views of the sender's company.
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org