httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Watts <m.wa...@eris.qinetiq.com>
Subject Re: [users@httpd] still see .htaccess and .htpasswd trough virtual host
Date Thu, 08 Jul 2010 08:20:36 GMT
On Thu, 2010-07-08 at 13:40 +0530, J. Bakshi wrote:
> Hello list,
> 
> I have become little confused and hope to get some help. I have a suse
> 11.2 server running   Apache/2.2.10 (Linux/SUSE) with some virtual hosts. I already have
the following in httpd.conf file
> 
> ``````````````
> AccessFileName .htaccess
> 
> #
> # The following lines prevent .htaccess and .htpasswd files from being
> # viewed by Web clients.
> #
> <Files ~ "^\.ht">
>     Order allow,deny
>         Deny from all
> </Files>
> ``````````````````````````
> 
> But still I can read the .htaccess and .htpasswd file through browser, when visit the
virtual host. But if I add the above config at the virtual host itself, it works well. So
the virtualhosts bypass the config already there in httpd.conf.  Do I need to write the code
for each and every virtualhost then ? Not possible to define at any common point just once
?

Are you sure you're not seeing cached copies?


<FilesMatch "^\.ht">
        Order allow,deny
        Deny from all
</FilesMatch>

This prevents you from opening (GET /.htaccess) those files.

If you want to prevent them from being seen in a directory listing, use
"IndexIgnore"

http://httpd.apache.org/docs/2.2/mod/mod_autoindex.html#indexignore

Mark.

-- 
Mark Watts BSc RHCE MBCS
Senior Systems Engineer, Managed Services Manpower
www.QinetiQ.com
QinetiQ - Delivering customer-focused solutions
GPG Key: http://www.linux-corner.info/mwatts.gpg

Mime
View raw message