httpd-users mailing list archives

From Nick Kew
Subject Re: [users@httpd] Re: htaccess AuthType Basic: some files get served without a password challenge!
Date Thu, 02 Feb 2006 16:59:24 GMT
On Thursday 02 February 2006 15:15, Boyle Owen wrote:

> Anyway, it looks like your apache config is redirecting requests for XLS
> to tomcat. Obviously, this will happen before any .htaccess file is read
> (the file is only read if a request results in a file access in the
> target dir). Therefore it skips the authentication.

"Before" is misleading there.  .htaccess applies only within a directory,
and won't get applied at all for resources outside that directory.  Proxied
resources (including anything coming from tomcat) don't come from any
directory on the Apache server.

> If you do, define the Auth directives in a <Location> container - this
> [I think] will get parsed before the redirect to tomcat.

Yes, that'll work, though again "before" is a red herring.

> Or, implement 
> the password access in Tomcat

Indeed, that's the best solution, since Tomcat knows all about
the files, while Apache is (in this instance) just the messenger.

Nick Kew

The official User-To-User support forum of the Apache HTTP Server Project.
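
The difference discussed in the message above, as an added configuration example that is not part of the original thread. The paths, realm name and backend URL are hypothetical, and it assumes the .xls requests reach Tomcat through mod_proxy (the thread does not say which connector is in use).

```apache
# Added example: paths, realm and backend URL are hypothetical.

# Does not protect proxied content. This .htaccess is consulted only when a
# request maps to a file under /var/www/reports on the Apache server:
#
#   /var/www/reports/.htaccess
#       AuthType Basic
#       AuthName "Reports"
#       AuthUserFile /etc/apache2/reports.htpasswd
#       Require valid-user

# Assumed forwarding rule: .xls requests are handed to Tomcat, so they never
# map to a directory on disk and the .htaccess above is never applied to them.
ProxyPassMatch ^/reports/(.*\.xls)$ http://127.0.0.1:8080/reports/$1

# <Location> matches on the request URL rather than on a filesystem path, so
# the challenge covers the static files and the proxied .xls responses alike.
<Location /reports>
    AuthType Basic
    AuthName "Reports"
    AuthUserFile /etc/apache2/reports.htpasswd
    Require valid-user
</Location>
```

After a reload, an unauthenticated request for any URL under /reports, including a .xls one, should come back as 401 with a WWW-Authenticate header; a 200 means the request is still bypassing the auth block.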