[Techtalk] htaccess and cgi scripts

Adric Net adric at adric.net
Mon Nov 19 01:28:43 UTC 2007


Hi,

It may be  a little tricky to track down. Check not only that  
directory but every directory up from it for .htaccess
as they can be anywhere (!) and then double check all the apache  
configs (might be more than just httpd.conf).

find /web -type f -name ".htaccess" -exec grep AuthUserFile {} \;

will search the entire tree /web for htaccessfiles and print out the  
AuthUserFile lines from all of them that it finds. This will show you  
all the htpasswd files you may have to check. Of course if DIgest,  
SQL, LDAP, etc Auth are being used you'll need to alter the search a  
bit.

The username will eventually submit to logic, but I'm less sure that  
the redirects will ;) Are you using ScriptAlias for the cgi directory?  
That may complicate things some ... Sorry, I am just waking up :/

hth,
adric


On Nov 18, 2007, at 5:52 PM, Maria McKinley wrote:

> Hi there,
>
> I have a user who is using cgi scripts and is using .htpasswd to only
> allow authorized users. For some reason, using the Auth stuff is  
> working
> differently in her cgi stuff than in directories with html. In other
> directories, if you hit cancel when given the username and password
> authorization window, you get the 401 Authorization Required window.  
> In
> her cgi pages, you don't get an error message, it reloads the page you
> were on, but changes the url to the one you were requesting. So, it
> doesn't load the unauthorized page, but it isn't necessarily clear  
> that
> it hasn't. Also, there is at least one page that if I put in the  
> url, it
> will load one image, and ask for a password. Every time you hit cancel
> on this page, it attempts to load images (you end up with question
> marks), until all of the question marks are loaded and then it stops
> asking for a password. The htaccess file for the authorization is
> exactly the same as other directories that act properly.
>
> The only thing strange I have found (and I have not looked at her code
> in detail), are these error messages:
>
> [Sun Nov 18 14:37:33 2007] [error] [client 24.22.172.167] user test  
> not
> found: /~churchland/lip_samson/lip_samson.html
> [Sun Nov 18 14:37:37 2007] [error] [client 24.22.172.167] user test  
> not
> found: /~churchland/lip_samson/lip_samson.html
> [Sun Nov 18 14:38:20 2007] [error] [client 24.22.172.167] user test  
> not
> found: /~churchland/lip_samson/samsondays/011706/011706_polar.gif
> [Sun Nov 18 14:38:20 2007] [error] [client 24.22.172.167] user test  
> not
> found: /~churchland/lip_samson/samsondays/011706/011706_error.gif
> [Sun Nov 18 14:38:22 2007] [error] [client 24.22.172.167] user test  
> not
> found: /~churchland/lip_samson/samsondays/011706/011706_polar.gif
>
> I don't know why it is looking for user test, these files are owned by
> churchland, and there is nothing in the html or cgi scripts about an
> user test.
>
> Any ideas where to look? I didn't see anything weird in httpd.conf.
>
> cheers,
> maria
>
> _______________________________________________
> Techtalk mailing list
> Techtalk at linuxchix.org
> http://mailman.linuxchix.org/mailman/listinfo/techtalk



More information about the Techtalk mailing list