I have read the mod_auth and Authorization and Access Control docs as well as Chapter 2 of Ivan Ristic's Apache Security. I'm not claiming I have actually understood everything I read but I think I've done what is required.
In addition, I checked that all the directories nominated are correct. I also restarted the computer (SuSE 9.1) as well as the server (2.0.53) and the browser on a networked machine. Several times.
The actual problem is that I can browse to a file in the directory and it it comes up without requesting authorization.
The config info I have been tweaking is listed below.
Thanks for any advice.
Regards
mike
...
In /etc/Apache2/conf.d - basic_auth.conf which only contains ...
<Directory /svr/www/htdocs/auth/mcfs>
AuthType Basic
AuthName "MCFS Action"
AuthUserFile /svr/www/data/pwl/action/memb
Require valid-user
</Directory>
All *.conf files in that directory are definitely processed by Apache. I
know this because the Subversion.conf file is in there and that works
well. Apache is working perfectly - the problem is mine.
Here is an edited extract of my /etc/Apache2/httpd.conf ...
# forbid access to the entire filesystem by default
<Directory />
Options None
AllowOverride None
Order deny,allow
Deny from all
</Directory>
#
Here is an edited extract of my /etc/Apache2/default_server.conf ...
#
DocumentRoot "/srv/www/htdocs"
#
<Directory "/srv/www/htdocs">
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|