Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 22113 invoked from network); 25 Feb 2006 00:59:56 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 25 Feb 2006 00:59:56 -0000 Received: (qmail 32568 invoked by uid 500); 25 Feb 2006 00:59:44 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 32556 invoked by uid 500); 25 Feb 2006 00:59:44 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 32534 invoked by uid 99); 25 Feb 2006 00:59:44 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 24 Feb 2006 16:59:44 -0800 X-ASF-Spam-Status: No, hits=0.6 required=10.0 tests=NO_REAL_NAME X-Spam-Check-By: apache.org Received-SPF: neutral (asf.osuosl.org: local policy) Received: from [151.189.21.46] (HELO mail-in-01.arcor-online.net) (151.189.21.46) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 24 Feb 2006 16:59:43 -0800 Received: from mail-in-05-z2.arcor-online.net (mail-in-05-z2.arcor-online.net [151.189.8.17]) by mail-in-01.arcor-online.net (Postfix) with ESMTP id CD330131D4C for ; Sat, 25 Feb 2006 01:59:21 +0100 (CET) Received: from mail-in-07.arcor-online.net (mail-in-07.arcor-online.net [151.189.21.47]) by mail-in-05-z2.arcor-online.net (Postfix) with ESMTP id BE72919E808 for ; Sat, 25 Feb 2006 01:59:21 +0100 (CET) Received: from localhost.local (HSI-KBW-085-216-026-112.hsi.kabelbw.de [85.216.26.112]) (Authenticated sender: catapult@arcor.de) by mail-in-07.arcor-online.net (Postfix) with ESMTP id AB5CD128E0D for ; Sat, 25 Feb 2006 01:59:21 +0100 (CET) Received: by localhost.local (Postfix, from userid 501) id 7898D1E96C; Sat, 25 Feb 2006 01:59:16 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by localhost.local (Postfix) with ESMTP id 61D3B16F35 for ; Sat, 25 Feb 2006 01:59:16 +0100 (CET) Date: Sat, 25 Feb 2006 01:59:16 +0100 (CET) From: Apache.20.TEN@spamgourmet.com X-X-Sender: andy@beastmaster.local To: users@httpd.apache.org Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Checked: Checked by ClamAV on apache.org Subject: [users@httpd] .htaccess: How to "cut only the middle branch" from a directory tree? X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N One bewildering observation on a low-traffic, co-hosted account (hence no logs, & unusual first lines required in .htaccess) by a provider using Apache 1.3.29: Some directories didn't seem to get the password protection they deserve. I figured out that the protection on every level in the directory tree can be obtained by creating this structure of subdirectories below root: /1/2/3 - and then uploading an .htaccess with these contents into each of them: PerlSetVar AuthFile /.htpasswd AuthType Basic AuthName "confidential documents" require valid-user Apache requires a password on http://site.dom/1/2/3, http://site.dom/1/2 and http://site.dom/1 - however when uploading a different .htaccess that is supposed to open up (ONLY) http://site.dom/1/2 to the "middle" directory of /1/2, something unexpected is caused by this /1/2/.htaccess file: PerlSetVar AuthFile /.htpasswd AuthType Basic AuthName "wide open" order deny,allow Satisfy any Besides directory 2, its subdirectory 3 becomes accessible without credentials, as well, although the more restrictive version of .htaccess has remained in...3 and should therefore be unaffected by any changes to /1/2/.htaccess - is there any explanation for this, and a way around the issue? (The format of .htaccess being largely restricted by the hosting provider's requirements, of course...)? If this is a "feature", how does one make sure that the .htaccess placed in the "sub-sub-subdirectory" /1/2/3 is observed, so 3 will not be affected by changes to the .htaccess for its parent directory, i.e. remain protected just like /1 ? --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org