Return-Path: 
 <users-return-105808-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
X-Original-To: apmail-httpd-users-archive@www.apache.org
Delivered-To: apmail-httpd-users-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 29259DA26
	for <apmail-httpd-users-archive@www.apache.org>;
 Sun, 27 Jan 2013 18:30:10 +0000 (UTC)
Received: (qmail 8968 invoked by uid 500); 27 Jan 2013 18:30:07 -0000
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 8885 invoked by uid 500); 27 Jan 2013 18:30:07 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
List-Post: <mailto:users@httpd.apache.org>
List-Id: <users.httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 8873 invoked by uid 99); 27 Jan 2013 18:30:07 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 27 Jan 2013 18:30:06 +0000
X-ASF-Spam-Status: No, hits=0.9 required=5.0
	tests=HK_RANDOM_ENVFROM,HK_RANDOM_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of cmplxgal@gmail.com designates
 209.85.212.41 as permitted sender)
Received: from [209.85.212.41] (HELO mail-vb0-f41.google.com) (209.85.212.41)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 27 Jan 2013 18:29:58 +0000
Received: by mail-vb0-f41.google.com with SMTP id l22so1400149vbn.14
        for <users@httpd.apache.org>; Sun, 27 Jan 2013 10:29:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=x-received:message-id:x-mailer:date:to:from:subject:in-reply-to
         :references:mime-version:content-type;
        bh=dcitLkr02LBtygu1oPf/3CQt7D/M3hM+8OM0fPwhkw0=;
        b=OWhKp03g4VXnHCH7tHafHGSp6p6i9gshUpMZj9M/kzhIjE1ioZAgO01V7hahLjOm6w
         M/aRApuIPvl4v86zyj0joK4czWRF73ttpcuhJNW0sCWOYjGYTkAD2/P46tmJ6ryOgx/d
         3YGkMFw4QvzR+hEqb/bAfUuk+TAXm4u7WjmI3M024xheYTjPM+6BEEwceiYeW64ZIiTP
         p92b/GxiMTcdLwdyMFeZp+viR0nGdNIv549IbLIPDI2YnZEdLoDPff4dmSqwwI7Qp8K/
         sXA92j/wKQRHuiZHQF861YdrGmZXaw911Zcsy4gCqY3EeZTGuGBtab8tUu1eS+C/qAN8
         Hgow==
X-Received: by 10.221.9.144 with SMTP id ow16mr72814vcb.29.1359311377902;
        Sun, 27 Jan 2013 10:29:37 -0800 (PST)
Received: from D26K01D1.gmail.com (c-68-46-48-186.hsd1.nj.comcast.net.
 [68.46.48.186])
        by mx.google.com with ESMTPS id u5sm4664952vef.0.2013.01.27.10.29.36
        (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Sun, 27 Jan 2013 10:29:36 -0800 (PST)
Message-ID: <51057210.85183a0a.1f84.ffffac0b@mx.google.com>
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Sun, 27 Jan 2013 13:29:36 -0500
To: users@httpd.apache.org
From: Robin Miller <cmplxgal@gmail.com>
In-Reply-To: <5104D203.6050505@gmail.com>
References: <510409a1.ea25340a.1ae4.6c27@mx.google.com>
 <5104D203.6050505@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Virus-Checked: Checked by ClamAV on apache.org
Subject: Re: [users@httpd] Allowing users to view content of
  password-protected directory



Michael, thanks so much for your help.

I am nervous about removing and reinstalling password protection, as 
there are some 150 users who have stored their passwords. (I know I 
could save the file.) However, I have confirmed that the password 
file is in the proper location (and password protection would be 
broken if it weren't, I imagine).

I did try adding an index file, and that does display. So the problem 
is that directory listing is being suppressed in password-protected 
subdirectories.

I have read a dozen online discussions of this issue, and adding 
IndexOptions +ShowForbidden (with or without the +) is always 
suggested as the solution to avoiding the suppression of directory 
listings. I have added that line of code to the .htaccess files in 
both my public_html directory and the password-protected 
subdirectory. I have also added Options +Indexes, although it's 
unnecessary because directory listing is enabled in 
non-password-protected directories.

I have read page after page of Apache documentation, and, while I 
have only a general understanding of these matters, only thing I can 
see that could cause this behavior is the absence of an AllowOverride 
Indexes (or All) directive in the server configuration file.

So I will open a ticket with my hosting company and suggest that as a 
possibility.

Thanks again,
Robin



At 02:06 AM 1/27/2013, you wrote:
>Hello,
>
> > My problem is that I want users who have logged in to the
> > password-protected directory to be able to view a listing of the
> > content of the directory and its subdirectories. None of the
> > directories have index files, so under normal conditions, an attempt
> > to access the directory would yielding a listing of the directory
> > content.
> >
> > However, the present coding (or my hosting company's configuration)
> > does not allow that. An attempt to view
> > http://www.cbar.pro/subscribers/ (the protected directory) yields the
> > following error message, even when the user has logged in through
> > password access:
> >
> > 403 Permission Denied
> > You do not have permission for this request /subscribers/
> >
>
>I tried this with a cPanel account and an .htaccess file that was nearly
>identical to yours and it worked for me (It showed the directory listing
>after I logged in).  I would try the following:
>
>1) Temporarily remove the password protection on the directory you want
>to protect and then re-add it.  Use the cPanel File Manager to help
>ensure that the corresponding passwd file is created.
>
>2) Verify that the corresponding passwd file has been created.  Make
>sure that it's there, that it has the username you expect, and that the
>directory it is in matches the directory in your .htaccess
>(/home/bankrup2/.htpasswds/public_html/subscribers/passwd).
>
>3) If that doesn't work, try to temporarily add an index.html file in
>the directory you're trying to protect.  This might provide a clue as to
>whether or not it has anything to do with the directory listing and the
>password protection not working together.
>
>4) If it still doesn't work, I would suggest opening a ticket with your
>hosting provider.  If they can't resolve it, they should at least be
>able to let you know why it's not possible.
>
>I hope that helps,
>-Michael S.
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org