www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@znep.com>
Subject Re: mod_access/407: .htaccess is not always honored
Date Wed, 16 Apr 1997 23:13:20 GMT
On Wed, 16 Apr 1997, Rob Cash wrote:

[...]
> >Description:
> When I try to access an HTML document (either through a link or by typing
> in the URL myself) that is located in a 'private' directory (protected by
> a .htaccess file), I am asked for a password (as is expected).  I click
> cancel and am denied access.  However if I access some CGI script in that
> directory through a form, I am allowed access.
[...]

> <form action=private/test.cgi method=post>
[...]
> Here's the .htaccess file:
> AuthType Basic
> AuthName SLAP Utility Private Area
> AuthUserFile .htpasswd
> <Limit GET PUT>
> require valid-user
> </Limit>

You are telling it to limit GET and PUT.  Then you are doing a POST.  If
you want to limit POST, you need to tell it to.

You should also be able to just leave the <Limit> and </Limit> bit out and
have it apply to all methods.


Mime
View raw message