Re: Problem With Password Protection in Apache 2.2

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Boyle Owen wrote:


- what *exactly* is the name of the file? In the config snippet it is
called ".htpasswd", but above you call it ".htpassword". 

Sorry. It is .htpasswd.


The directory on the Directory line exists:, e.g.

% ls -d /users/chemweb/apache2/http-cchem/htdocs/admittedstudent
/users/chemweb/apache2/http-cchem/htdocs/admittedstudent


- it exists from that shell, but does it exist from the shell that
apache is running in? (looks like a mounted dir, to me..)
- what are the read permissions on the file, can apache read it?


Yes. We use a reverse proxy design where there are instances
of Apache running with my uid. The file and directory are only
readable by me, which is OK in this situation.


Couple of other points:

- password file is in the same dir as the content. So anyone can access
it. Are you OK about that?


Actually the password file is not in the same directory as the content.
I have some mod_rewrite rules that I didn't show that redirect all
URLs to a "public_html" directory in each user's account.


- Require directive is limited to GET requests. So you don't mind if
people without a password access the content via POST requests?


I just did a cut and paste from an example from some documentation.
At this point this is the least of my problems, especially since the
content does not require high security. Once I get the password
protection issue solved then I'll add POST too.

If I can't solve this soon I'm going to go ahead and try .htaccess
files but I'd rather do this right by using directives in the
httpd.conf file.

Thanks for your comments.

Jon Forrest
Unix Computing Support
College of Chemistry
173 Tan Hall
University of California Berkeley
Berkeley, CA
94720-1460
510-643-1032
jlforrest@xxxxxxxxxxxx

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux