httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [users@httpd] .htaccess: How to "cut only the middle branch" from a directory tree?
Date Sat, 25 Feb 2006 00:59:16 GMT
One bewildering observation on a low-traffic, co-hosted account (hence no logs,
& unusual first lines required in .htaccess) by a provider using Apache 1.3.29:

Some directories didn't seem to get the password protection they deserve.

I figured out that the protection on every level in the directory
tree can be obtained by creating this structure of subdirectories below root:
/1/2/3 - and then uploading an .htaccess with these contents into each of them:

PerlSetVar AuthFile /.htpasswd
AuthType Basic
AuthName "confidential documents"
require valid-user

Apache requires a password on http://site.dom/1/2/3, http://site.dom/1/2
and http://site.dom/1 - however when uploading a different .htaccess that
is supposed to open up (ONLY) http://site.dom/1/2 to the "middle" directory of
/1/2, something unexpected is caused by this /1/2/.htaccess file:

PerlSetVar AuthFile /.htpasswd
AuthType Basic
AuthName "wide open"
order deny,allow
Satisfy any

Besides directory 2, its subdirectory 3 becomes accessible without credentials,
as well, although the more restrictive version of .htaccess has remained in...3
and should therefore be unaffected by any changes to /1/2/.htaccess - is there
any explanation for this, and a way around the issue? (The format of .htaccess
being largely restricted by the hosting provider's requirements, of course...)?

If this is a "feature", how does one make sure that the .htaccess placed in the
"sub-sub-subdirectory" /1/2/3 is observed, so 3 will not be affected by changes
to the .htaccess for its parent directory, i.e. remain protected just like /1 ?

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message