httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joshua Slive" <>
Subject Re: [users@httpd] Protecting certain cgi-bin subdirectories
Date Sat, 05 Aug 2006 14:21:17 GMT
On 8/5/06, Steve Swift <> wrote:

> I'm using Apache 2.0.46 and I want to password protect all of the
> subdirectories below cgi-bin.  This is easy, with:

Very old version.  You should upgrade.

> <DirectoryMatch /var/www/cgi-bin/.*/>
> Require valid-user
> </DirectoryMatch>
> This works fine, you need a userid, any userid, to get into the
> subdirectories.
> Now, I'd like to be more selective about who gets into the /admin
> subdirectory, so I add:
> <Directory /var/www/cgi-bin/admin>
> Require user Swifty
> </Directory>
> This second step had no effect.  I could still fetch pages from
> /var/www/cgi-bin/admin with any valid user.

You need to read:

You'll find that <Directory> automatically protects subdirectories, so
you don't need that <DirectoryMatch> complication.  You'll also find
that the order of processing is important.  Replacing the
<DirectoryMatch> with <Directory> will probably fix your main problem
as well, since it will cause the second Require directive to be
processed last, overriding the first one, rather than vis-versa.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message