----- "Sacha Varma" <sacha@xxxxxxxxx> wrote: > Ok, thanks Brian. > > For the log - after a bit of experimentation, the problem I have > appears > to be that while you can password-protect a Location, Location > directives are applied after rewrites. So if you have: > > ScriptAlias /cgi-bin/ /some/where/cgi-bin/ > > RewriteRule ^.*$ /cgi-bin/my-cms [QSA,PT,L] > > <Location /somepath> > AuthType Basic > .... > </Location> > > Your Location will never match (because the Location is always > /cgi-bin/my-cms by the time Apache applies the Location to it). The reason for this is actually [PT] -- the processing would never even hit the ScriptAlias without it http://httpd.apache.org/docs/trunk/rewrite/flags.html#flag_pt Now, considering this, you can either apply your authentication to <Directory /some/where/cgi-bin/login/> Authtype Basic .... </Directory> Or in: <Location /cgi-bin/login/script.cgi> AuthType Basic ... </Location> i -- Igor GaliÄ Tel: +43 (0) 664 886 22 883 Mail: i.galic@xxxxxxxxxxxxxx URL: http://brainsware.org/ --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|