Ok, thanks Brian.For the log - after a bit of experimentation, the problem I have appears to be that while you can password-protect a Location, Location directives are applied after rewrites. So if you have:
ScriptAlias /cgi-bin/ /some/where/cgi-bin/
RewriteRule ^.*$ /cgi-bin/my-cms [QSA,PT,L]
<Location /somepath>
AuthType Basic
....
</Location>
Your Location will never match (because the Location is always
/cgi-bin/my-cms by the time Apache applies the Location to it).
I'll see if I can find a way around this that doesn't involve implementing basic auth inside the CGI script.
On 26/10/2010 18:07, Brian Hirt wrote:
I don't use htaccess anywhere, but we use things like this in our config that work just fine. You might want to make sure your Order and Allow are set up to work correctly. <Location /somepath> AuthType Basic AuthName "Restricted Directory" AuthUserFile /some/where/user.pass Require user someuser </Location> On Oct 26, 2010, at 9:55 AM, Sacha Varma wrote:On 19:59, Brian Hirt wrote:Use<Location> instead of<Directory>That's the first thing I tried, and was surprised when it didn't work. The documentation is explicit though, the only valid contexts for the mod_auth directives are Directory and htaccess: http://httpd.apache.org/docs/2.0/mod/mod_auth.html Do you have a working example of doing this via<Location>?
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|