www-apache-bugdb mailing list archives

From Marc Slemko <ma...@znep.com>
Subject Re: mod_auth-any/2938: The server just lets everyone in, and seems not to check the passwd.db files at all
Date Tue, 01 Sep 1998 18:30:01 GMT
The following reply was made to PR mod_auth-any/2938; it has been noted by GNATS.

From: Marc Slemko <marcs@znep.com>
To: Michael Davon <Davon@web-depot.com>
Cc: apbugs@apache.org
Subject: Re: mod_auth-any/2938: The server just lets everyone in, and seems
 not to check the passwd.db files at all
Date: Tue, 1 Sep 1998 11:20:08 -0700 (PDT)

 On Tue, 1 Sep 1998, Michael Davon wrote:
 
 > 
 > Marc, 
 > 
 > Please reopen the bug.  I have included more of the configuration
 > so that you can see that I am doing that which you suggest.
 
 <sigh>
 
 PLEASE, do you not think that such configuration may be relevant or do you
 just leave it out to make life more difficult?
 
 I'm not trying to be condescending, but it is bad enough that we have many
 people asking for help with basic configuration questions; when you claim
 to be using a config when that is obviously not all the relevant directives,
 it makes it even harder.
 
 > Also, as I stated in the original report, it does work with
 > Server version Apache/1.2.4 -- so I don't think it's me.
 > 
 > 
 >   First, your authentication should normally be inside some
 >   sort of Directory, etc. section.
 > 
 >   Secondly, you aren't actually telling Apache to require
 >   any auth; you need something like "require valid-user" or
 >   "require user foo", etc.
 > 
 > 
 > Sample piece of httpd.conf file.  I'll provide it all if you
 > want.
 > 
 > -M
 > 
 > <Directory */members>
 
 This is likely your problem.  If you had read the upgrading to 1.3 notes
 you would see:
 
      * When using wildcards in pathnames (such as * and ?) they no longer
        match / (slash). That is, they more closely behave how a UNIX
        shell behaves. This affects <Directory> directives, for example.
 
 You may want to use something like DirectoryMatch and something like
 ".*/hidden" instead.
 
 > options includes followsymlinks execcgi
 > AuthDBMUserFile /www/data/passwd/passwd
 > AuthGroupFile /www/data/group/group
 > AuthType Basic
 > AuthName HotSexPics
 > <Limit GET POST>
 
 Why are you using Limit?  Do you really only want to limit GET and POST?
 If not, leave it out.
 
 > require valid-user
 > </Limit>
 > </Directory>
 > 
 > 
 > -- 
 > Michael Davon                       617-491-0080 Office
 >                                     888-WB-DEPOT Office
 > Davon@Web-Depot.Com                 617-491-0066 Fax
 > http://WWW.Web-Depot.COM            617-491-0033 Home
 > 
 

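The wildcard change quoted from the 1.3 upgrade notes in the reply above, as an added example that is not part of the original message and is not Apache's own code: a small Python model showing why a `<Directory */members>` pattern stops matching, so the auth directives inside it are never applied. The function names and sample paths are constructed for illustration; only `*` and `?` are modelled, and the `DirectoryMatch` check is assumed to be an unanchored regex search.

```python
import re

def glob_to_regex(pattern, star_matches_slash):
    """Translate a <Directory> wildcard pattern (* and ?) into an anchored regex.

    star_matches_slash=True  models the older behaviour (wildcards cross "/").
    star_matches_slash=False models the 1.3 rule: wildcards stop at "/".
    """
    any_char = "." if star_matches_slash else "[^/]"
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(any_char + "*")
        elif ch == "?":
            parts.append(any_char)
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts) + r"\Z", re.DOTALL)

def directory_applies(pattern, path, star_matches_slash):
    """True if the wildcard pattern covers the whole directory path."""
    return glob_to_regex(pattern, star_matches_slash).match(path) is not None

def directorymatch_applies(regex, path):
    """Model of a DirectoryMatch regex (assumed unanchored search)."""
    return re.search(regex, path) is not None

def audit(pattern, paths):
    """Paths the pattern covered under the old rule but not under the 1.3 rule.

    Every path returned here silently loses whatever access control the
    <Directory> section carried after the upgrade.
    """
    return [p for p in paths
            if directory_applies(pattern, p, True)
            and not directory_applies(pattern, p, False)]

# Constructed sample directory paths (not from the original report).
SAMPLE_PATHS = [
    "/www/htdocs/members",
    "/www/htdocs/site2/members",
    "/www/htdocs/public",
]

if __name__ == "__main__":
    for path in audit("*/members", SAMPLE_PATHS):
        print("no longer covered by <Directory */members>:", path)
```

Running `audit` over the wildcard patterns in a configuration before moving from 1.2 to 1.3 lists the directories whose `require` lines would stop taking effect.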