[Techtalk] htaccess and cgi scripts

Maria McKinley maria at shadlen.org
Mon Nov 19 11:10:18 UTC 2007 

Is it possible that it is something in the cgi scripts themselves? Other
cgi-scripts run fine, although they are not in the home directories
(stuff like mailman). The htaccess files do look fine, and I didn't find
any hidden that I didn't already know about. I am perplexed about the
user test, but that could also be a red herring.

Here is the relevant part of httpd.conf

<Directory /home/*/http>
     AllowOverride FileInfo AuthConfig Limit
     Options MultiViews Indexes SymLinksIfOwnerMatch ExecCGI
     <Limit GET POST OPTIONS PROPFIND>
         Order allow,deny
         Allow from all
     </Limit>
     <Limit PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
         Order deny,allow
         Deny from all
     </Limit>
</Directory>

The htaccess file in the user's cgi bin is just:

AddHandler cgi-script .cgi

And then some proper htaccess with auth stuff in some other http
directories.

I am using ScriptAlias for the cgi directory, but everything looks fine
there, and my other cgi scripts seem fine, although it looks like they
do internal error handling.

I did notice a config file in /etc/apache/conf.d,
/etc/apache/conf.d/php4.conf. I'm not sure what it does, and couldn't
find anything about it on the apache web site, and nothing useful with
google.

Thanks for any pointers.

cheers,
maria

Adric Net wrote:
> Hi,
> 
> It may be  a little tricky to track down. Check not only that  
> directory but every directory up from it for .htaccess
> as they can be anywhere (!) and then double check all the apache  
> configs (might be more than just httpd.conf).
> 
> find /web -type f -name ".htaccess" -exec grep AuthUserFile {} \;
> 
> will search the entire tree /web for htaccessfiles and print out the  
> AuthUserFile lines from all of them that it finds. This will show you  
> all the htpasswd files you may have to check. Of course if DIgest,  
> SQL, LDAP, etc Auth are being used you'll need to alter the search a  
> bit.
> 
> The username will eventually submit to logic, but I'm less sure that  
> the redirects will ;) Are you using ScriptAlias for the cgi directory?  
> That may complicate things some ... Sorry, I am just waking up :/
> 
> hth,
> adric
> 
> 
> On Nov 18, 2007, at 5:52 PM, Maria McKinley wrote:
> 
>> Hi there,
>>
>> I have a user who is using cgi scripts and is using .htpasswd to only
>> allow authorized users. For some reason, using the Auth stuff is  
>> working
>> differently in her cgi stuff than in directories with html. In other
>> directories, if you hit cancel when given the username and password
>> authorization window, you get the 401 Authorization Required window.  
>> In
>> her cgi pages, you don't get an error message, it reloads the page you
>> were on, but changes the url to the one you were requesting. So, it
>> doesn't load the unauthorized page, but it isn't necessarily clear  
>> that
>> it hasn't. Also, there is at least one page that if I put in the  
>> url, it
>> will load one image, and ask for a password. Every time you hit cancel
>> on this page, it attempts to load images (you end up with question
>> marks), until all of the question marks are loaded and then it stops
>> asking for a password. The htaccess file for the authorization is
>> exactly the same as other directories that act properly.
>>
>> The only thing strange I have found (and I have not looked at her code
>> in detail), are these error messages:
>>
>> [Sun Nov 18 14:37:33 2007] [error] [client 24.22.172.167] user test  
>> not
>> found: /~churchland/lip_samson/lip_samson.html
>> [Sun Nov 18 14:37:37 2007] [error] [client 24.22.172.167] user test  
>> not
>> found: /~churchland/lip_samson/lip_samson.html
>> [Sun Nov 18 14:38:20 2007] [error] [client 24.22.172.167] user test  
>> not
>> found: /~churchland/lip_samson/samsondays/011706/011706_polar.gif
>> [Sun Nov 18 14:38:20 2007] [error] [client 24.22.172.167] user test  
>> not
>> found: /~churchland/lip_samson/samsondays/011706/011706_error.gif
>> [Sun Nov 18 14:38:22 2007] [error] [client 24.22.172.167] user test  
>> not
>> found: /~churchland/lip_samson/samsondays/011706/011706_polar.gif
>>
>> I don't know why it is looking for user test, these files are owned by
>> churchland, and there is nothing in the html or cgi scripts about an
>> user test.
>>
>> Any ideas where to look? I didn't see anything weird in httpd.conf.
>>
>> cheers,
>> maria
>>
>> _______________________________________________
>> Techtalk mailing list
>> Techtalk at linuxchix.org
>> http://mailman.linuxchix.org/mailman/listinfo/techtalk
> 
> _______________________________________________
> Techtalk mailing list
> Techtalk at linuxchix.org
> http://mailman.linuxchix.org/mailman/listinfo/techtalk

More information about the Techtalk mailing list