Re: still see .htaccess and .htpasswd trough virtual host

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

any clue please ?

On Thu, 8 Jul 2010 16:38:04 +0530
"J. Bakshi" <joydeep@xxxxxxxxxxxxxxx> wrote:

> On Thu, 8 Jul 2010 10:57:23 +0200
> Matus UHLAR - fantomas <uhlar@xxxxxxxxxxx> wrote:
> 
> <snip>
> 
> > 
> > is this in server config or in some virtualhost or directory section?
> > Is there any <Files> section of the host you are referring to?
> > 
> </snip>
> 
> Hello Mark and Matus,
> 
> Thanks for your responses, the <Files> section is at httpd.conf .I think it
> would be the best if I show you two files; httpd.conf and a vhost
> 
> ###### httpd.conf ###############
> --------------------------------------
> 
> # run under this user/group id
> Include /etc/apache2/uid.conf
> 
> # - how many server processes to start (server pool regulation)
> # - usage of KeepAlive
> Include /etc/apache2/server-tuning.conf
> 
> # ErrorLog: The location of the error log file.
> ErrorLog /var/log/apache2/error_log
> 
> # generated from APACHE_MODULES in /etc/sysconfig/apache2
> Include /etc/apache2/sysconfig.d/loadmodule.conf
> 
> # IP addresses / ports to listen on
> Include /etc/apache2/listen.conf
> 
> # predefined logging formats
> Include /etc/apache2/mod_log_config.conf
> 
> # generated from global settings in /etc/sysconfig/apache2
> Include /etc/apache2/sysconfig.d/global.conf
> 
> # optional mod_status, mod_info
> Include /etc/apache2/mod_status.conf
> Include /etc/apache2/mod_info.conf
> 
> # optional cookie-based user tracking
> # read the documentation before using it!!
> Include /etc/apache2/mod_usertrack.conf
> 
> # configuration of server-generated directory listings
> Include /etc/apache2/mod_autoindex-defaults.conf
> 
> # associate MIME types with filename extensions
> TypesConfig /etc/apache2/mime.types
> DefaultType text/plain
> Include /etc/apache2/mod_mime-defaults.conf
> 
> # set up (customizable) error responses
> Include /etc/apache2/errors.conf
> 
> # global (server-wide) SSL configuration, that is not specific to
> # any virtual host
> Include /etc/apache2/ssl-global.conf
> 
> # forbid access to the entire filesystem by default
> <Directory />
>     Options None
>     AllowOverride None
>     Order deny,allow
>     Deny from all
> </Directory>
> 
> AccessFileName .htaccess
> 
> #
> # The following lines prevent .htaccess and .htpasswd files from being
> # viewed by Web clients.
> #
> <Files ~ "^\.ht">
>     Order allow,deny
>     Deny from all
> </Files>
> 
> ### Virtual server configuration ####
> Include /etc/apache2/vhosts.d/*.conf
> `````````````````````````````````````````````````````````````
> 
> And now here is one vhsost
> 
> ```````````````````````````````````````````````````
> <VirtualHost  example.com:80>
> ServerName http://www.example.com
> ServerAlias http://example.com
> ServerAdmin you@xxxxxxxxxxx
> 
> #don't loose time with IP address lookups
> HostnameLookups Off
> 
> # needed for named virtual hosts
> #UseCanonicalName Off
> 
> DocumentRoot /srv/www/htdocs/example.com
> 
> DirectoryIndex index.php
> 
> ScriptAlias /cgi-bin/ "/srv/www/cgi-bin/"
> 
> <Directory "/srv/www/htdocs/example.com/">
> 
> Options +FollowSymLinks -Indexes
> 
> # .htaccess slows down apache; only use it when required #
> AllowOverride All
> Order allow,deny
> Allow from all
> 
> ### Begin: Rewrite stuff ###
>     <IfModule mod_rewrite.c>
> 
>         # Enable URL rewriting
>          RewriteEngine On
>          RewriteBase /
> 
>                         # If the file/symlink/directory does not exist =>
>                         Redirect to index.php # Important note: If you
>                         copy/paste this into httpd.conf instead # of .htaccess
>                         you will need to add '%{DOCUMENT_ROOT}' left to each #
>                         '%{REQUEST_FILENAME}' part. RewriteCond
>                         %{REQUEST_FILENAME} !-f RewriteCond
>                         %{REQUEST_FILENAME} !-d RewriteCond
>                         %{REQUEST_FILENAME} !-l
> 
>                         RewriteRule .* index.php [L]
> 
>         ### End: Rewrite stuff ###
>     </IfModule>
> </Directory>
> 
> 
> ScriptAlias /awstats  /usr/local/awstats/wwwroot/cgi-bin/awstats.pl
> <Location /awstats>
> AuthType Basic
> AuthName "awstats requires a password"
> AuthUserFile /srv/www/htdocs/example.com/.htpasswd
> Require valid-user
> </Location>
> </VirtualHost>
> `````````````````````````````````````````````````````````````````
> 
> If I visit example.com;  I can see the contents of both .htaccess
> and .htpasswd :-(
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux