httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Johnson <...@indietorrent.org>
Subject Re: [users@httpd] Able to view .htaccess and .htpasswd files via user-agent under default configuration (Apache 2.4, Win32)
Date Mon, 03 Dec 2012 23:01:55 GMT


On 12/3/2012 5:51 PM, Eric Covener wrote:
> What's in the <Location /> with require valid-user? That effectively
> replaces the <Files> w/ no AuthMerging.  If you're passing that check,
> the .ht* will be served.
> 

Right you are, good sir! I would never have figured that out.

If I remove the contents of that <Location /> (see below), I am denied
access to the .ht* files.

-----------------------------
<Location />
AuthType Basic
AuthName "Please Authenticate"
AuthBasicProvider dbd
Require valid-user
# mod_authn_dbd SQL query to authenticate a user.
AuthDBDUserPWQuery "SELECT CONCAT('{SHA}', `password`) FROM `web_user`
WHERE `username` = %s"
</Location>
-----------------------------

To where should these directives be moved to avoid this overwriting? To
the <Directory> block whose path matches the server's document root?

Thanks!

-Ben

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message