On 11-Nov-2009, at 17:28, André Warnier wrote:
> LuKreme wrote:
> ...
>> DocumentRoot /usr/local/www/example.com/
> ...
>> AuthUserFile /usr/local/www/example.com/.htdavpass
>
> I think that you have managed to do what no developer of Apache ever thought that a user would ever do : place the file containing the users passwords inside the very directory that this file is supposed to help protect.
> You might thus be exploring code pathways which nobody trod before.
OK, but why does it work for one domain (actually, it works for several domains on this same server) but not for others?
any file named .ht* is never served by apache, and there's really nowhere else to place the .htdavpass file.
http.conf:
<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</Files>
(the actual web site is in .../html/ or .../wordpress/, depending on the site)
--
Fairy Tales are more than true; not because they tell us that
dragons exist, but because they tell us that dragons can be
beaten.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|