httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jsl...@gmail.com>
Subject Re: [users@httpd] How to write .htpasswd in <Directory>
Date Thu, 02 Sep 2004 00:10:20 GMT
On 1 Sep 2004 21:32:43 -0000, Singh <apachemono@rediffmail.com> wrote:
> Hi friends...
> I am trying to secure my application directory in Apache. I made a .htpasswd file under
/home/user/apache2/ using the command
> htpasswd -c .htpasswd username. My query is how to implement this thing? My config file
looks something like this :
> 
> ------snip-----
> DocumentRoot "/var/www/html/apps" #apps is the directory where application is placed.
> <Directory />
>     Options Indexes FollowSymLinks
>     AllowOverride None
>     Order Deny,Allow
>     Deny from all
> </Directory>
> <Directory "/var/www/html">
>         Options Indexes FollowSymLinks
>         Order allow,deny
>         Deny from all
>         #Allow from x.x.x.x (terminal address in LAN)
>         AuthType Basic
>         AuthUserFile /home/user/apache2/.htpasswd
>         AuthName "Authentication Please"
>         Require valid-user
>         Satisfy any
>         #AllowOverride All
>         AllowOverride AuthConfig
> </Directory>
> <Limit GET POST>
> Require valid-user
> </Limit>
> <Directory "/var/www/html/apps">
>         AllowOverride All
>         Options Indexes FollowSymLinks
>         Order allow,deny
>         Allow from all
> </Directory>

The main problem is that, since you have "Satisfy Any", the "Allow
from all" in the last section overrides any access control and allows
everyone to access the site.  Try getting rid of everything you have
there and simply having:
<Directory "/var/www/html/apps">
         Options Indexes FollowSymLinks
         AuthType Basic
         AuthUserFile /home/user/apache2/.htpasswd
         AuthName "Authentication Please"
         Require valid-user
</Directory>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message