Return-Path: 
 <users-return-42536-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@www.apache.org
Received: (qmail 49707 invoked from network); 18 Jun 2004 00:59:10 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199)
  by minotaur-2.apache.org with SMTP; 18 Jun 2004 00:59:10 -0000
Received: (qmail 40049 invoked by uid 500); 18 Jun 2004 00:59:19 -0000
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 40015 invoked by uid 500); 18 Jun 2004 00:59:18 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
list-post: <mailto:users@httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 39985 invoked by uid 99); 18 Jun 2004 00:59:17 -0000
Received: from [216.222.7.205] (HELO a.mx.joeyhewitt.com) (216.222.7.205)
  by apache.org (qpsmtpd/0.27.1) with ESMTP; Thu, 17 Jun 2004 17:59:17 -0700
Received: (qmail 2211 invoked from network); 17 Jun 2004 18:58:39 -0600
Received: from cuivienen.joeyhewitt.com (HELO cuivienen)
 (joey@joeyhewitt.com@216.222.7.204)
  by joeyhewitt.com with RC4-MD5 encrypted SMTP; 17 Jun 2004 18:58:39 -0600
Message-ID: <000a01c454cf$54a3c940$cc07ded8@joeyhewitt.com>
From: "Joey Hewitt" <joey@joeyhewitt.com>
To: <users@httpd.apache.org>
References: <6.1.0.6.2.20040617173713.01ad5758@wheresmymailserver.com>
Date: Thu, 17 Jun 2004 18:58:12 -0600
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
X-Virus-Checked: Checked
Subject: Re: [users@httpd] 2.0.48 user auth not working
X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N

(This looks like a repost.  If it is, I think it would be nice to say so,
and perhaps wait more than a day to post again.)

Ian L <apache@merk.caltech.edu> wrote:
> I'm trying to password protect a directory under apache, but apache isnt
> asking for a password. Its letting me view html and executing cgi pages. I
> used pretty much the same config on another site running on this machine
> and that is working. This one though just acts like there's no
> authentication at all.
>
> Any idea what i did wrong?  (i did restart apache) here's the relevant
conf
> file section:
>
> <VirtualHost xxx.xxx.xxx.xxx.:80>
>   ServerName domain.name
>   DocumentRoot /disk/whis-site
>   CustomLog logs/access_log_whis combined
>   <Directory /disk/whis/phppgadmin>
>    Options +ExecCGI
>    AuthType Basic
>    AuthName "Whis"
>    AuthUserFile /disk/whis_PassFile
>    Require valid-user
>   </Directory>
> </VirtualHost>
>
> thanks

You might need to tell Apache to deny access unless authentication has been
done, with something like

    Order deny,allow
    Deny from all
then
    AuthType Basic
    AuthName "Whis"
    ....

Someone please say something if I'm wrong; I'm no guru. ;)  Hope this helps,
==Joey


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org