[techtalk] .htaccess problem

terry terry at scruznet.com
Sat May 26 01:07:47 EST 2001 

Almut Behrens wrote:
> 

> ... not meant to be a RTFM (M = message, here ;), but what's the
> error_log saying?

It says:
 /usr/local/httpd/htdocs/.htaccess: AuthName not allowed here

I tried moving the .htaccess file into a subdirectory - still
get same error on that directory.

> 
> At first sight, I can't see anything being wrong with your configuration.
> 
> Usual stupid question: have you checked file permissions? (need to be
> at least readable by UID webserver is running under)

yes, they are -rw-r--r--
> 
> Two more notes:
> 
> (1) are you sure you really want an .htaccess file here -- putting the
> respective auth-directives in <Directory> would work too. Does
> the access/authentication need to be run-time configurable?
> (This is a performance aspect only -- things do work with .htaccess
> equally)

I'm not sure I understand - do you mean:
--------------------
<Directory "/usr/local/httpd/htdocs">

AuthName "Page page"

AuthType Basic
AuthUserFile /home/ev/public_html/.htpassword
order allow,deny
Allow from all

require valid-user
satisfy any
-------------------
This had no effect - no error message, no request for password, just the
webpage.

> 
> (2) -- cut 'n pasted from the manual:
> "Security: make sure that the AuthUserFile is stored outside the
> document tree of the web-server; do not put it in the directory that it
> protects. Otherwise, clients will be able to download the AuthUserFile."
> (reason is the same that shadow passwords were invented for *nix)
> 
> - Almut

Config file says the following, but yes, I meant to move it
once I got it working - I wanted to be sure it was finding the file.
Got a little frustrated and started trying random stuff, I guess.

# The following lines prevent .htaccess files from being viewed by
# Web clients.  Since .htaccess files often contain authorization
# information, access is disallowed for security reasons.  Comment
# these lines out if you want Web visitors to see the contents of
# .htaccess files.  If you change the AccessFileName directive above,
# be sure to make the corresponding changes here.
#
# Also, folks tend to use names such as .htpasswd for password
# files, so this will protect those as well.
#
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>

> 
> _______________________________________________
> techtalk mailing list
> techtalk at linuxchix.org
> http://www.linux.org.uk/mailman/listinfo/techtalk

More information about the Techtalk mailing list