httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <n...@webthing.com>
Subject Re: [users@httpd] Re: htaccess AuthType Basic: some files get served without a password challenge!
Date Thu, 02 Feb 2006 16:59:24 GMT
On Thursday 02 February 2006 15:15, Boyle Owen wrote:

> Anyway, it looks like your apache config is redirecting requests for XLS
> to tomcat. Obviously, this will happen before any .htaccess file is read
> (the file is only read if a request results in a file access in the
> target dir). Therefore it skips the authentication.

"Before" is misleading there.  .htaccess applies only within a directory,
and won't get applied at all for resources outside that directory.  Proxied
resources (including anything coming from tomcat) don't come from any
directory on the Apache server.

> If you do, define the Auth directives in a <Location> container - this
> [I think] will get parsed before the redirect to tomcat.

Yes, that'll work, though again "before" is a red herring.

> Or, implement 
> the password access in Tomcat
> http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html

Indeed, that's the best solution, since Tomcat knows all about
the files, while Apache is (in this instance) just the messenger.


-- 
Nick Kew

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message