httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matus UHLAR - fantomas <uh...@fantomas.sk>
Subject Re: [users@httpd] passwords do not function
Date Tue, 20 Jan 2009 08:26:56 GMT
> On Mon, 2009-01-19 at 17:03 +0000, Keith Harris wrote:
> > .htpasswd
> > .htaccess
> 
> > I have followed all instructions on setting up a password protect
> > directory on my local server. 
> > Nothing works.
> 
> > AuthUserFile .htpasswd

On 19.01.09 12:22, Matt McCutchen wrote:
> According to the documentation, a relative AuthUserFile is interpreted
> from the ServerRoot, which probably isn't what you expected.  Try an
> absolute path here.

putting the password file under DocumentRoot can reveal it in case of
misconfiguration. However putting it under ServerRoot is impossible on
servers with many clients, and playing with symlinks is not easy somewhere.

Some time ago I filled bugreport for creating AuthRoot directive for placing
password files, see https://issues.apache.org/bugzilla/show_bug.cgi?id=25469

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
10 GOTO 10 : REM (C) Bill Gates 1998, All Rights Reserved!

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message