On 19.05.09 15:59, Chris Henderson wrote: > Is there any way to tell Apache2 to prompt for username and password > when it sees a .htaccess file in a directory? No. But there is way to tell apache to read and parse the .htaccess (see <Directory> and AllowOverride directives) and the .htaccess can contain directives that will require authentication. However, it won't be apache who asks for password, it's the browser's business. > At the moment, I need to define the directory in the following > fashion in Apache2 conf file but it becomes a problem as I have > thousands of directories that needs .htaccess file password > protection. > > For example, assuming /website is DirectoryRoot then protect > /website/a1, /website/b2 etc. thousands of directories with thousands of different permissions? > <Directory "/website/dir"> > AllowOverride All > Options Indexes > Order allow,deny > Allow from all > AuthUserFile /website/dir/.htaccess > </Directory> This only configures /website/dir, not /website/a1 etc. Since you have <Directory /website> below, appatently you could just skip that. Also, the AuthUerFile specifies the _password_ file, this is not a password file, but an access file, configured by AccessFileName, that can be relative. > Here is my .htaccess file > > AuthName "Restricted" > AuthType Basic > AuthLDAPURL ldap://ad.company.com:389/ou=marketing,dc=company,dc=com?sAMAccountName?sub > AuthBasicProvider ldap > AuthzLDAPAuthoritative off Do you use other authentication methods? > require valid-user the same permissions/ Why not check them for /website/* then? > In /etc/apache2/default-server.conf, I have changed > > DocumentRoot "/srv/www/htdocs" > <Directory "/srv/www/htdocs/"> > Options None > AllowOverride None > Order allow,deny > Allow from all > </Directory> > > to > > DocumentRoot "/website" > <Directory "/website/"> > Options None > AllowOverride All > Order allow,deny > Allow from all > </Directory> > > but it don't seem to work. Thanks for any help. You seem have made more mistakes... -- Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Silvester Stallone: Father of the RISC concept. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|