Return-Path: 
 <users-return-88359-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@www.apache.org
Received: (qmail 92722 invoked from network); 19 May 2009 07:06:01 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3)
  by minotaur.apache.org with SMTP; 19 May 2009 07:06:01 -0000
Received: (qmail 55395 invoked by uid 500); 19 May 2009 07:05:57 -0000
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 55352 invoked by uid 500); 19 May 2009 07:05:57 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
List-Post: <mailto:users@httpd.apache.org>
List-Id: <users.httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 55343 invoked by uid 99); 19 May 2009 07:05:57 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 19 May 2009 07:05:57 +0000
X-ASF-Spam-Status: No, hits=1.5 required=10.0
	tests=SPF_HELO_PASS,SPF_PASS,WEIRD_PORT
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of uhlar@fantomas.sk designates
 195.168.3.66 as permitted sender)
Received: from [195.168.3.66] (HELO fantomas.fantomas.sk) (195.168.3.66)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 19 May 2009 07:05:46 +0000
Received: from fantomas.fantomas.sk (uhlar@localhost [127.0.0.1])
	by fantomas.fantomas.sk (8.14.3/8.14.3/Debian-5) with ESMTP id n4J75Od2007500
	for <users@httpd.apache.org>; Tue, 19 May 2009 09:05:24 +0200
Received: (from uhlar@localhost)
	by fantomas.fantomas.sk (8.14.3/8.14.3/Submit) id n4J75OI7007499
	for users@httpd.apache.org; Tue, 19 May 2009 09:05:24 +0200
X-Authentication-Warning: fantomas.fantomas.sk: uhlar set sender to
 uhlar@fantomas.sk using -f
Date: Tue, 19 May 2009 09:05:24 +0200
From: Matus UHLAR - fantomas <uhlar@fantomas.sk>
To: users@httpd.apache.org
Message-ID: <20090519070524.GC6513@fantomas.sk>
Mail-Followup-To: users@httpd.apache.org
References: <d4ee74cf0905182259l6e00c333x1ffc083fd93e5ad6@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <d4ee74cf0905182259l6e00c333x1ffc083fd93e5ad6@mail.gmail.com>
User-Agent: Mutt/1.5.18 (2008-05-17)
X-Virus-Checked: Checked by ClamAV on apache.org
Subject: Re: [users@httpd] apache2 and .htaccess

On 19.05.09 15:59, Chris Henderson wrote:
> Is there any way to tell Apache2 to prompt for username and password
> when it sees a .htaccess file in a directory?

No. But there is way to tell apache to read and parse the .htaccess (see
<Directory> and AllowOverride directives) and the .htaccess can contain
directives that will require authentication.

However, it won't be apache who asks for password, it's the browser's
business.

> At the moment, I need to define the directory in the following
> fashion in Apache2 conf file but it becomes a problem as I have
> thousands of directories that needs .htaccess file password
> protection.
> 
> For example, assuming /website is DirectoryRoot then protect
> /website/a1, /website/b2 etc.

thousands of directories with thousands of different permissions?

> <Directory "/website/dir">
> AllowOverride All
> Options Indexes
> Order allow,deny
> Allow from all
> AuthUserFile /website/dir/.htaccess
> </Directory>

This only configures /website/dir, not /website/a1 etc. Since you have
<Directory /website> below, appatently you could just skip that.

Also, the AuthUerFile specifies the _password_ file, this is not a password
file, but an access file, configured by AccessFileName, that can be
relative.

> Here is my .htaccess file
> 
> AuthName "Restricted"
> AuthType Basic
> AuthLDAPURL ldap://ad.company.com:389/ou=marketing,dc=company,dc=com?sAMAccountName?sub
> AuthBasicProvider ldap
> AuthzLDAPAuthoritative off

Do you use other authentication methods?

> require valid-user

the same permissions/ Why not check them for /website/* then?

> In /etc/apache2/default-server.conf, I have changed
> 
> DocumentRoot "/srv/www/htdocs"
> <Directory "/srv/www/htdocs/">
> Options None
> AllowOverride None
> Order allow,deny
> Allow from all
> </Directory>
> 
> to
> 
> DocumentRoot "/website"
> <Directory "/website/">
> Options None
> AllowOverride All
> Order allow,deny
> Allow from all
> </Directory>
> 
> but it don't seem to work. Thanks for any help.

You seem have made more mistakes...
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Silvester Stallone: Father of the RISC concept.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org