www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk Treger <tre...@hmi.de>
Subject general/3048: No autorization with .htaccess
Date Wed, 23 Sep 1998 06:49:19 GMT

>Number:         3048
>Category:       general
>Synopsis:       No autorization with .htaccess
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Tue Sep 22 23:50:00 PDT 1998
>Last-Modified:
>Originator:     treger@hmi.de
>Organization:
apache
>Release:        1.3.1
>Environment:
Windows NT 4.0 Server
>Description:
Hi,

on our WinNT system runs an apache web server. 
If I use a .htaccess file and a htpasswd file the server says always I am unauthorized. 
I am sure that I loged in with the correct password.

The error.log file has the following entry:
[Tue Sep 22 16:18:07 1998] [error] user gast: password mismatch: /elabbin/elabnt
.pl

What can I do?

Thanks,
Dirk
>How-To-Repeat:
Here is the access.conf file

# access.conf: Global access configuration
# Online docs at http://www.apache.org/

# This file defines server settings which affect which types of services
# are allowed, and in what circumstances. 

# Each directory to which Apache has access, can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories). 

# Note: Where filenames are specified, you must use forward slashes
# instead of backslashes. e.g. "c:/apache" instead of "c:\apache". If
# the drive letter is ommited, the drive where Apache.exe is located
# will be assumed

# Originally by Rob McCool

# First, we configure the "default" to be a very restrictive set of 
# permissions.  

# XXXX disabled because it is currently broken on Win32
#<Directory />
#Options FollowSymLinks
#AllowOverride None
#</Directory>

# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.

# This should be changed to whatever you set DocumentRoot to.

<Directory "d:/elab/apache/server">

# This may also be "None", "All", or any combination of "Indexes",
# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".

# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.

Options Indexes FollowSymLinks

# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo", 
# "AuthConfig", and "Limit"

AllowOverride All

# Controls who can get stuff from this server.

order allow,deny
allow from all

</Directory>

# d:/elab/apache/cgi-bin should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.

<Directory "d:/elab/apache/server/elabbin">
 Options ExecCGI
</Directory>

# Allow server status reports, with the URL of http://servername/server-status
# Change the ".your_domain.com" to match your domain to enable.

#<Location /server-status>
#SetHandler server-status

#order deny,allow
#deny from all
#allow from .hmi.de
#</Location>

# There have been reports of people trying to abuse an old bug from pre-1.1
# days.  This bug involved a CGI script distributed as a part of Apache.
# By uncommenting these lines you can redirect these attacks to a logging 
# script on phf.apache.org.  Or, you can record them yourself, using the script
# support/phf_abuse_log.cgi.

#<Location /cgi-bin/phf*>
#deny from all
#ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi
#</Location>

# You may place any other directories or locations you wish to have
# access information for after this one.


The .htaccess file:

AuthName "PUBLIC-Elektronisches Laborbuch"
AuthType Basic
AuthUserFile "d:/elab/apache/server/elabbin/htpasswd"

require user test
require user gast
require user dirk


The htpasswd file (password for gest is test):

gast:RxvCRMqtdryys
dirk:RxVixYwYOqHEY
test:RxrOFkw0zRndU
>Fix:

>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <apbugs@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]
[If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request ]
[from a developer.                                      ]
[Reply only with text; DO NOT SEND ATTACHMENTS!         ]




Mime
View raw message