On 10/10/07, Gary Girolimon <ggirolimon@xxxxxxxxxxxxxxxxxxx> wrote:
> Hi,
>
> We need to password protect a directory on our webserver. I changed
> httpd.conf to AllowOverride AuthConfig, created a password file
> (users) in /etc/httpd/conf/ created a user name and password,
> verified the permissions to be 644 on the users file, and put
> a .htaccess file containing the following in the directory that I
> want to protect. I stopped and started Apache, but the server still
> displays pages from that directory without asking for a user name and
> password.
> Here is the content of the .htacces file:
>
> AuthType Basic
> AuthName "Restricted Files"
> AuthUserFile /etc/httpd/conf/users
> Require valid-user
>
> Any suggestons on how to make this work are appreciated.
Your AllowOverride most likely isn't in the right place. Try putting
an obvious syntax error ("FooBar") in the .htaccess file. If apache
still lets you access the directory, then the .htaccess isn't being
read, meaning you haven't properly configured AllowOverride.
But in general, you should just forget about AllowOverride and put
your auth directives in httpd.conf inside a <Directory
/full/path/to/restricted/dir>.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|