httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cnel...@nycap.rr.com
Subject [users@httpd] How do I protect a CGI directory?
Date Fri, 04 Jun 2004 17:44:36 GMT
I want my users to go to https://1.2.3.4 and click on links to get to programs in my CGI directory.
 Specifically, I want to keep them from using URLs like https:/1.2.3.4/cgi-bin/xxx.cgi.  (My
only real concern is that the user be validated w/ a password before doing any of this.  I
actually wouldn't mind if users could type in the direct URL as long as httpd made them log
in.)

I thought I knew how to do this.  All of my CGI programs are in /usr/apache/cgi-bin and I'd
added this to my httpd.conf file:
 
 <Directory /usr/apache/cgi-bin>
   Require valid-user
 </Directory>

and I _swear_ that worked for a while, but now it doens't.  I guess I wasn't testing it properly
because today with that directive in place, I can't get any CGIs, even after logging in. 
My error_log has things like:

  [Fri Jun  6 14:18:43 2004] [crit] [client 10.93.0.1] configuration error:  couldn't perform
authentication. AuthType not set!: /cgi-bin/xxx.cgi

So, how _do_ I make sure users are validated before running any CGIs?  TIA.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message