Hi all. Happy New Year everybody. I'm really having problems with this and I can't figure it out. The problem is that apache seems to be ignoring any of the authentication setup i've put in for a new virtual host. The pages are freely available to anyone who goes to the URL. The error logs and access logs reflect this. No errors, and access entries show regular web page serving. I went through the tutorial (http://httpd.apache.org/docs/howto/auth.html) and the apache manual (html version downlaoded to my computer) just to make sure I wasn't missing anything and still having problems. I'm sure I've overlooked something obvious so hopefully someone can help me out. (at least I'm hoping it's something obvious that i've overlooked) We're running Redhat 8.x, Apache2.0.48. The httpd.conf file is quite convoluted (legacy, and this is where I think i'm overlooking something). There are several virtualhost entries and the problem I'm having is wiht a new Virtualhost for accessing reports of webstats for a specific site. There is an AllowOverride None in the main config area (before all the Virtual hosts directives) in a <Directory /> directive . From what I remember and what I read in one of the tutorials or manuals that means that the .htaccess file is completely ignored which is why I'm doing everything in the VirtualHost directive to be safe. (is this correct?) Here is my Virtualhost entry: <VirtualHost 10.253.32.174:80> ServerName reports.auto-rebates.com ServerAdmin webmaster@xxxxxxxxxxxxxxxx DocumentRoot /home/www/reports.auto-rebates.com DirectoryIndex index.html Alias /awstatsjs "/usr/local/awstats/wwwroot/js/" Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/" Alias /awstatscss "/usr/local/awstats/wwwroot/css" Alias /awstatsicons "/usr/local/awstats/wwwroot/icon" <Directory /> AuthType Basic AuthName "ReportsAutoRebates" AuthUserFile /home/www/reports.auto-rebates.com/.rarpasswd Require valid-user </Directory> </VirtualHost> I've also tried Require user byau as well (my test username) with no luck. I created the password file using # htpasswd -c /home/www/reports.auto-rebates.com/.rarpasswd byau I've stopped and restarted the server every time I've changed anything. I've also stopped and restarted my browser (IE on WinXP) and deleted temp browser files in case I was already auth for that dir and for that reason was skipping future auth. Also accessed the pages using lynx on localhost and still no auth required. There are no errors. only entries in access just like normal web page serving It's worth mentioning that there is a virtual host that uses /home/www as its documentroot that has its own auth configs. These do work by the way. When I close/repoen browser and attepmt to go to the reports website in /home/www/reports.auto-rebates.com, there is no auth asked for at all so I don't think it is that I have already somehow been validated into /home/www and am now being validated into /home/www/reports.auto-rebates.com. Is it possible that configurations for /home/www i affecting configs for /home/www/reports.auto-rebates.com even though they are in different <Virtualhost> directives? Here is the first <Virtualhost> entry: <VirtualHost 10.253.32.174:80> ServerName www.escrip.com CauchoConfigFile /usr/local/resin/conf/escrip.conf Serveradmin webadmin@xxxxxxxxx DirectoryIndex index.html index.htm index.jsp index.HTM /error/404.html ScriptAlias /cgi-bin/ /home/www/escripinc_pub/cgi-bin/ Alias /dev/ /home/www/dev/escripinc_pub/ DocumentRoot /home/www/escripinc_pub/ <Directory /> AuthType Basic AuthName "Escrip Staging" AuthUserFile /home/www/.esipasswd AuthGroupFile /dev/null Require valid-user </Directory> </Virtualhost> And here is the config stuff before the first <Virtualhost>. I took out all the things that didn' tlook relevant (like Add* and BrowserMatch* and things like that) User nobody Group nobody ServerAdmin webmaster@xxxxxxxxxxxxxxxx ServerName tarpon.internal.cci UseCanonicalName Off DocumentRoot "/usr/local/apache2.0.48/htdocs" <Directory /> Options FollowSymLinks AllowOverride None </Directory> AccessFileName .htaccess <Files ~ "^\.ht"> Order allow,deny Deny from all </Files> TypesConfig conf/mime.types DefaultType text/plain <IfModule mod_mime_magic.c> MIMEMagicFile conf/magic </IfModule> HostnameLookups Off Thanks anybody for any ideas on where I can look. At this point I'm just trying random things out to see if anything works. I realize there are other issues to solve (such as not putting the AuthUserFile in same dir as DocumentRoot). That's the legacy they are using on the test server that I'll talk to him about later. All I need to do right now is just get the username/password working for this virtual host. Thanks! Cheers! Ben -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
