httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jon Forrest <jlforr...@berkeley.edu>
Subject Re: [users@httpd] Problem With Password Protection in Apache 2.2
Date Thu, 15 Nov 2007 14:45:35 GMT
Boyle Owen wrote:

> - what *exactly* is the name of the file? In the config snippet it is
> called ".htpasswd", but above you call it ".htpassword". 

Sorry. It is .htpasswd.

>> The directory on the Directory line exists:, e.g.
>>
>> % ls -d /users/chemweb/apache2/http-cchem/htdocs/admittedstudent
>> /users/chemweb/apache2/http-cchem/htdocs/admittedstudent
> 
> - it exists from that shell, but does it exist from the shell that
> apache is running in? (looks like a mounted dir, to me..)
> - what are the read permissions on the file, can apache read it?

Yes. We use a reverse proxy design where there are instances
of Apache running with my uid. The file and directory are only
readable by me, which is OK in this situation.

> Couple of other points:
> 
> - password file is in the same dir as the content. So anyone can access
> it. Are you OK about that?

Actually the password file is not in the same directory as the content.
I have some mod_rewrite rules that I didn't show that redirect all
URLs to a "public_html" directory in each user's account.

> - Require directive is limited to GET requests. So you don't mind if
> people without a password access the content via POST requests?

I just did a cut and paste from an example from some documentation.
At this point this is the least of my problems, especially since the
content does not require high security. Once I get the password
protection issue solved then I'll add POST too.

If I can't solve this soon I'm going to go ahead and try .htaccess
files but I'd rather do this right by using directives in the
httpd.conf file.

Thanks for your comments.

Jon Forrest
Unix Computing Support
College of Chemistry
173 Tan Hall
University of California Berkeley
Berkeley, CA
94720-1460
510-643-1032
jlforrest@berkeley.edu

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message