On 8/13/07, J. R. <jrobertlewis5923@xxxxxxxxxxxxx> wrote: > I am running Apache 2.2.4 on 32 x86.System is XP SP2 (DynDNS) and set server > location. Set DocumentRoot, Set > <Directory>, AllowOverride ALL, set htpasswd -c, in Notepad=AuthType Basic > AuthName "This is a private area, please log in" > > AuthUserFile "c:\etc.\my_password_file.txt" Always use forward slashes in apache config files. > AuthGroupFile /dev/null That line is not necessary. > > <Limit GET POST PUT> DON'T DO THAT. See the docs for the <Limit> directive for an explanation of why it should be simply exluded entirely. > require valid-user > </Limit> , saved ".htaccess" in DocumentRoot. SUCCESS!!. Why are you using .htaccess rather than simply putting this in a <Directory> section in httpd.conf? See: http://httpd.apache.org/docs/2.2/howto/htaccess.html#when > Three resulting > Problems. > 1. Login is not secure What does that mean? Secure in what way? > 2. User Login window in deopdown includes my hotmail address. That is a browser issue. Apache is certainly not supplying any default username info. > 3. Once logged in, desktop.ini is included in Directory. In directory listings you mean? You can either use http://httpd.apache.org/docs/2.2/mod/mod_autoindex.html#indexignore to exclude certain files from the listing (but leave them accesible to those that know that they are there) or use <Files desktop.ini> Order allow,deny Deny from all </Files> Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|