httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Graham Pye" <gra...@gjpye.com>
Subject [users@httpd] Passwords on Nested Folders
Date Mon, 09 Nov 2015 08:02:01 GMT
I run a website for a local club. The site is divided into three sections,
public, members only, and administration with the files for each section in
a separate folder on the server. The members and admin folders have their
own (different!) passwords, set up in .htaccess files - I'm not a U**x
heavy, so I've used the Cpanel tool provided by our ISP to set up the
security, but as far as can I tell by looking at the files, they're all set
up OK.

Now, the problem is that using Firefox to access the admin part of the site,
occasionally the browser sends the security credentials for the members area
rather than the admin area, and as a result the server denies access. I
think that the reason for this is that the admin files are in a sub-folder
of the members files, and hence they inherit the members area's security as
well as having their own security.

It seems unlikely that this is a Firefox bug as I'm sure it would have been
detected before, but since I use that browser almost exclusively and the
problem only occurs randomly it's difficult to prove that accessing the site
without problems using IE for a while points the finger of blame at the
browser.

I've used the Firefox add-in LiveHTTPheaders to examine the headers the
browser is sending back, and hence I can see that it's sending the
credentials for the wrong part of the site, i.e. the members area, when it
goes wrong.

If I move the admin folder to a separate part of the file tree at the same
level as the members and public files is that likely to fix the problem? I
presume that if I refer to some files in other parts of the tree (to get
common CSS files, images, etc.) they will then work OK, or do I need to have
copies of them in the admin folder?

Thanks,

Graham

Mime
View raw message