You can : (1) put the user's password entries in the /etc/passwd file (and dummy entries in /etc/shadow, of course) on the web server, which is a _really_ ugly option, or more elegantly, (2) use a RedirectMatch rewrite rule under Apache -- this works even if there is no such entry in the password file, e.g.: RedirectMatch ^/~(.*)$ http://my-target-webserver.somewhere.org/$1 where the target webserver could of course be the machine itself you are running the webserver on, or it could be any other webserver you want to redirect the URL to. (This should be at least close, based just on my recollection of the syntax.) Tobias Kreidl NAU/ITS Academic Computing Ram'on Reyes Carri'on wrote on Thu, 13 Sep 2001 10:32:02 -0500 (CDT): > >On Wed, 12 Sep 2001, Tobias J. Kreidl wrote: > >> Josha Bronson wrote on Wed, 12 Sep 2001 10:12:56 -0700: >> >> Another alternative security measure for machines with user logins is to >> put the public_html areas on a disks that are exported to the web server >> and hence at least hide to some degree the actual machine on which the >> login account resides. > >How do you make this work? Can you still use http:.../~user if you don't >have such a user in your web server?>
