Re: still see .htaccess and .htpasswd trough virtual host

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, 8 Jul 2010 10:57:23 +0200
Matus UHLAR - fantomas <uhlar@xxxxxxxxxxx> wrote:

<snip>

> 
> is this in server config or in some virtualhost or directory section?
> Is there any <Files> section of the host you are referring to?
> 
</snip>

Hello Mark and Matus,

Thanks for your responses, the <Files> section is at httpd.conf .I think it would be the best if I show you two files; httpd.conf and a vhost

###### httpd.conf ###############
--------------------------------------

# run under this user/group id
Include /etc/apache2/uid.conf

# - how many server processes to start (server pool regulation)
# - usage of KeepAlive
Include /etc/apache2/server-tuning.conf

# ErrorLog: The location of the error log file.
ErrorLog /var/log/apache2/error_log

# generated from APACHE_MODULES in /etc/sysconfig/apache2
Include /etc/apache2/sysconfig.d/loadmodule.conf

# IP addresses / ports to listen on
Include /etc/apache2/listen.conf

# predefined logging formats
Include /etc/apache2/mod_log_config.conf

# generated from global settings in /etc/sysconfig/apache2
Include /etc/apache2/sysconfig.d/global.conf

# optional mod_status, mod_info
Include /etc/apache2/mod_status.conf
Include /etc/apache2/mod_info.conf

# optional cookie-based user tracking
# read the documentation before using it!!
Include /etc/apache2/mod_usertrack.conf

# configuration of server-generated directory listings
Include /etc/apache2/mod_autoindex-defaults.conf

# associate MIME types with filename extensions
TypesConfig /etc/apache2/mime.types
DefaultType text/plain
Include /etc/apache2/mod_mime-defaults.conf

# set up (customizable) error responses
Include /etc/apache2/errors.conf

# global (server-wide) SSL configuration, that is not specific to
# any virtual host
Include /etc/apache2/ssl-global.conf

# forbid access to the entire filesystem by default
<Directory />
    Options None
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

AccessFileName .htaccess

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>

### Virtual server configuration ####
Include /etc/apache2/vhosts.d/*.conf
`````````````````````````````````````````````````````````````

And now here is one vhsost

```````````````````````````````````````````````````
<VirtualHost  example.com:80>
ServerName http://www.example.com
ServerAlias http://example.com
ServerAdmin you@xxxxxxxxxxx

#don't loose time with IP address lookups
HostnameLookups Off

# needed for named virtual hosts
#UseCanonicalName Off

DocumentRoot /srv/www/htdocs/example.com

DirectoryIndex index.php

ScriptAlias /cgi-bin/ "/srv/www/cgi-bin/"

<Directory "/srv/www/htdocs/example.com/">

Options +FollowSymLinks -Indexes

# .htaccess slows down apache; only use it when required #
AllowOverride All
Order allow,deny
Allow from all

### Begin: Rewrite stuff ###
    <IfModule mod_rewrite.c>

        # Enable URL rewriting
         RewriteEngine On
         RewriteBase /

                        # If the file/symlink/directory does not exist =>
                        Redirect to index.php # Important note: If you
                        copy/paste this into httpd.conf instead # of .htaccess
                        you will need to add '%{DOCUMENT_ROOT}' left to each #
                        '%{REQUEST_FILENAME}' part. RewriteCond
                        %{REQUEST_FILENAME} !-f RewriteCond
                        %{REQUEST_FILENAME} !-d RewriteCond
                        %{REQUEST_FILENAME} !-l

                        RewriteRule .* index.php [L]

        ### End: Rewrite stuff ###
    </IfModule>
</Directory>


ScriptAlias /awstats  /usr/local/awstats/wwwroot/cgi-bin/awstats.pl
<Location /awstats>
AuthType Basic
AuthName "awstats requires a password"
AuthUserFile /srv/www/htdocs/example.com/.htpasswd
Require valid-user
</Location>
</VirtualHost>
`````````````````````````````````````````````````````````````````

If I visit example.com;  I can see the contents of both .htaccess and .htpasswd :-(


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux