Re: htaccess hell

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 06/15/2011 08:56 PM, Ian Zimmerman wrote:

I (or rather my distro) enabled userdir as follows:

LoadModule userdir_module /usr/lib/apache2/modules/mod_userdir.so

<IfModule mod_userdir.c>


urgh

         UserDir public_html
         UserDir disabled root

         <Directory /home/*/public_html>
                 AllowOverride FileInfo AuthConfig Limit Indexes


Don't allow Limit overrides here.


                 Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
                 <Limit GET POST OPTIONS>
                         Order allow,deny
                         Allow from all
                 </Limit>
                 <LimitExcept GET POST OPTIONS>
                         Order deny,allow
                         Deny from all
                 </LimitExcept>


Exactly the same thing twice. Use LimitExcept.


         </Directory>
</IfModule>

Document root is configured as follows:

         <Location />


No. Nonononononononono.

A Documentroot MUST point to a physical filesystem <Directory>.


                 Options Indexes FollowSymLinks MultiViews
                 AuthType Basic
                 AuthName "Root Realm"
                 AuthBasicProvider file
                 AuthUserFile /etc/apache2/passwd
                 Require valid-user
                 Order allow,deny
                 allow from all
         </Location>

Now, I try to override the auth settings in a subtree of my
~/public_html by putting a .htaccess file there, which reads as follows:



Authentication SHOULD always be done on physical files if possible.
This prevents people bypassing it by using an alternate URL.



AuthType Basic
AuthName "My Personal Space"
AuthUserFile /etc/apache2/passwd
Require User itz

Yet, no matter how many hairs I pull, when I GET anything under that
subtree, I'm asked to authenticate for "Root Realm".



Fix the above first, it will be obvious then.



I know that the .htaccess file is getting read, because when I drop
garbage there I get a server error upon loading that page.  So somehow
the AuthName directive in the .htaccess is getting ignored.  Why??
AllowOverride seems to allow it.

Version info:

  [8]ahiker:~$ dpkg --status apache2
Package: apache2
Status: install ok installed
Priority: optional
Section: httpd
Installed-Size: 36
Maintainer: Debian Apache Maintainers<debian-apache@xxxxxxxxxxxxxxxx>
Architecture: i386
Version: 2.2.16-6+squeeze1




--
J.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux