On Thursday 02 February 2006 15:15, Boyle Owen wrote:

> Anyway, it looks like your apache config is redirecting requests for XLS
> to tomcat. Obviously, this will happen before any .htaccess file is read
> (the file is only read if a request results in a file access in the
> target dir). Therefore it skips the authentication.

"Before" is misleading there. .htaccess applies only within a directory,
and won't get applied at all for resources outside that directory.
Proxied resources (including anything coming from tomcat) don't come
from any directory on the Apache server.

> If you do, define the Auth directives in a <Location> container - this
> [I think] will get parsed before the redirect to tomcat.

Yes, that'll work, though again "before" is a red herring.

> Or, implement
> the password access in Tomcat
> http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html

Indeed, that's the best solution, since Tomcat knows all about the files,
while Apache is (in this instance) just the messenger.

-- 
Nick Kew

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
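
Added example, not part of the original message: an httpd configuration sketch of the point made above, with directory-scoped auth that never applies to proxied URLs shown beside the <Location> form that does. It assumes the hand-off to Tomcat is done with mod_proxy; the /reports/ prefix, port, realm name and file paths are hypothetical.

```apache
# Added example. Every path, port and name below is a hypothetical placeholder.

# Requests under /reports/ are handed to Tomcat. They never map to a
# directory on this server, so no .htaccess file is consulted for them.
ProxyPass        "/reports/" "http://127.0.0.1:8080/reports/"
ProxyPassReverse "/reports/" "http://127.0.0.1:8080/reports/"

# Ineffective for the proxied URLs: <Directory> sections (and .htaccess
# files, which are directory-scoped in the same way) apply only when the
# request resolves to a file under this filesystem path.
<Directory "/var/www/html/reports">
    AuthType Basic
    AuthName "Reports"
    AuthUserFile "/etc/apache2/reports.htpasswd"
    Require valid-user
</Directory>

# Effective: <Location> matches on the URL path, whatever ends up
# producing the response (static file, handler or proxy backend).
<Location "/reports/">
    AuthType Basic
    AuthName "Reports"
    AuthUserFile "/etc/apache2/reports.htpasswd"
    Require valid-user
</Location>

# The backend address above is loopback on purpose: if clients can reach
# Tomcat's own connector directly, the check in <Location> is bypassed.
# Enforcing access in a Tomcat realm, as the message recommends, removes
# that dependency on the front end.
```

To check the result, request a URL under the proxied prefix without credentials and confirm the front end answers 401 instead of passing the request through.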