www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <dgau...@arctic.org>
Subject Re: config/239: Directory config inconsistent
Date Mon, 24 Mar 1997 19:41:25 GMT
Just to be sure, I'll ask the obvious questions... you have put the proper
accounts into .slf-man-pp and .slf-managers?

Are there any .htaccess files in the second directory tree?  (Are there any
in the first?)

BTW we can't test those links because of the domain restriction.  I get
a 403 for the first and a 404 for the second.

Dean

On Mon, 17 Mar 1997, Stephen Fitzgerald wrote:

> 
> 	The contract type is `' with a response time of 3 business hours.
> 	A first analysis should be sent before: Tue Mar 18 11:00:00 PST 1997
> 
> 
> >Number:         239
> >Category:       config
> >Synopsis:       Directory config inconsistent
> >Confidential:   no
> >Severity:       critical
> >Priority:       medium
> >Responsible:    apache (Apache HTTP Project)
> >State:          open
> >Class:          sw-bug
> >Submitter-Id:   apache
> >Arrival-Date:   Mon Mar 17 19:50:00 1997
> >Originator:     sjf@twpo.com.au
> >Organization:
> apache
> >Release:        1.2b7
> >Environment:
> Linux 3.0.3, kernel 2.0.18, gcc 2.7.2
> 
> Netscape 3.0.1 Gold
> >Description:
> I have a number of directories I need to protect. 1 protection configuration 
> works and the others do not.
> 
> The following configuration works as expected - only users with
> password in .htpasswd file can access the directory.
> 
> # directory secured with .htaccess within directory                             
> <Directory /home/httpd/html/prot>
>         Options Indexes FollowSymlinks
>         AllowOverride AuthConfig
>         AuthUserFile /etc/httpd/conf/.htpasswd
>         AuthGroupFile /etc/httpd/conf/.htgroup
>         AuthName Password
>         AuthType Basic
>         require group all-the-users
>         <Limit GET PUT POST>
>                 order deny,allow
>                 deny from all
>                 allow from twpo.com.au, defence.gov.au
>         </Limit>
> </Directory>
> 
> The following protection config does not work.
> 
> <Directory /home/httpd/html/SLF/weekly-files/pp>                       
>         Options Indexes FollowSymlinks
>         AllowOverride All
>         AuthUserFile /etc/httpd/conf/.slf-man-pp
>         AuthGroupFile /etc/httpd/conf/.slf-managers
>         AuthName Password
>         AuthType Basic
>         require group all-the-managers
>         <Limit GET PUT POST>
>                 order deny,allow
>                 deny from all
>                 allow from twpo.com.au, defence.gov.au
>         </Limit>
> 
> </Directory>       
> 
> The only difference I can determine is that the second one is not in 
> the root of the server - however a move to root does not fix it. 
> 
> The error log does not report anything, an incorrect passwd however is
> reported. The user puts in passwd after user name and gets an 
> "Authorisation Failed - Retry?" message.
> 
> I have tried just about all different configs, using Files, Location but
> all fail.
> 
> Any help appreciated
> >How-To-Repeat:
> www.twpo.com.au/prot/times.html    - works OK
> www.twpo.com.au/SLF/weekly-files/pp/p1_02pp.html  - fails
> 
> I will create a user apache, passwd apache
> 
> >Fix:
> I wish I did!%2
> >Audit-Trail:
> >Unformatted:
> 
> 
> 


Mime
View raw message