[Techtalk] htaccess and cgi scripts

Tricia Bowen tricia.bowen at gmail.com
Mon Nov 19 18:20:17 UTC 2007 

Maria,
What's the content of your .htpasswd file? Do you have a user named
"test" listed there?
--Tricia

On Nov 19, 2007 6:10 AM, Maria McKinley <maria at shadlen.org> wrote:
> Is it possible that it is something in the cgi scripts themselves? Other
> cgi-scripts run fine, although they are not in the home directories
> (stuff like mailman). The htaccess files do look fine, and I didn't find
> any hidden that I didn't already know about. I am perplexed about the
> user test, but that could also be a red herring.
>
> Here is the relevant part of httpd.conf
>
> <Directory /home/*/http>
>     AllowOverride FileInfo AuthConfig Limit
>     Options MultiViews Indexes SymLinksIfOwnerMatch ExecCGI
>     <Limit GET POST OPTIONS PROPFIND>
>         Order allow,deny
>         Allow from all
>     </Limit>
>     <Limit PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
>         Order deny,allow
>         Deny from all
>     </Limit>
> </Directory>
>
> The htaccess file in the user's cgi bin is just:
>
> AddHandler cgi-script .cgi
>
> And then some proper htaccess with auth stuff in some other http
> directories.
>
> I am using ScriptAlias for the cgi directory, but everything looks fine
> there, and my other cgi scripts seem fine, although it looks like they
> do internal error handling.
>
> I did notice a config file in /etc/apache/conf.d,
> /etc/apache/conf.d/php4.conf. I'm not sure what it does, and couldn't
> find anything about it on the apache web site, and nothing useful with
> google.
>
> Thanks for any pointers.
>
> cheers,
> maria
>
>
> Adric Net wrote:
> > Hi,
> >
> > It may be  a little tricky to track down. Check not only that
> > directory but every directory up from it for .htaccess
> > as they can be anywhere (!) and then double check all the apache
> > configs (might be more than just httpd.conf).
> >
> > find /web -type f -name ".htaccess" -exec grep AuthUserFile {} \;
> >
> > will search the entire tree /web for htaccessfiles and print out the
> > AuthUserFile lines from all of them that it finds. This will show you
> > all the htpasswd files you may have to check. Of course if DIgest,
> > SQL, LDAP, etc Auth are being used you'll need to alter the search a
> > bit.
> >
> > The username will eventually submit to logic, but I'm less sure that
> > the redirects will ;) Are you using ScriptAlias for the cgi directory?
> > That may complicate things some ... Sorry, I am just waking up :/
> >
> > hth,
> > adric
> >
> >
> > On Nov 18, 2007, at 5:52 PM, Maria McKinley wrote:
> >
> >> Hi there,
> >>
> >> I have a user who is using cgi scripts and is using .htpasswd to only
> >> allow authorized users. For some reason, using the Auth stuff is
> >> working
> >> differently in her cgi stuff than in directories with html. In other
> >> directories, if you hit cancel when given the username and password
> >> authorization window, you get the 401 Authorization Required window.
> >> In
> >> her cgi pages, you don't get an error message, it reloads the page you
> >> were on, but changes the url to the one you were requesting. So, it
> >> doesn't load the unauthorized page, but it isn't necessarily clear
> >> that
> >> it hasn't. Also, there is at least one page that if I put in the
> >> url, it
> >> will load one image, and ask for a password. Every time you hit cancel
> >> on this page, it attempts to load images (you end up with question
> >> marks), until all of the question marks are loaded and then it stops
> >> asking for a password. The htaccess file for the authorization is
> >> exactly the same as other directories that act properly.
> >>
> >> The only thing strange I have found (and I have not looked at her code
> >> in detail), are these error messages:
> >>
> >> [Sun Nov 18 14:37:33 2007] [error] [client 24.22.172.167] user test
> >> not
> >> found: /~churchland/lip_samson/lip_samson.html
> >> [Sun Nov 18 14:37:37 2007] [error] [client 24.22.172.167] user test
> >> not
> >> found: /~churchland/lip_samson/lip_samson.html
> >> [Sun Nov 18 14:38:20 2007] [error] [client 24.22.172.167] user test
> >> not
> >> found: /~churchland/lip_samson/samsondays/011706/011706_polar.gif
> >> [Sun Nov 18 14:38:20 2007] [error] [client 24.22.172.167] user test
> >> not
> >> found: /~churchland/lip_samson/samsondays/011706/011706_error.gif
> >> [Sun Nov 18 14:38:22 2007] [error] [client 24.22.172.167] user test
> >> not
> >> found: /~churchland/lip_samson/samsondays/011706/011706_polar.gif
> >>
> >> I don't know why it is looking for user test, these files are owned by
> >> churchland, and there is nothing in the html or cgi scripts about an
> >> user test.
> >>
> >> Any ideas where to look? I didn't see anything weird in httpd.conf.
> >>
> >> cheers,
> >> maria
> >>
> >> _______________________________________________
> >> Techtalk mailing list
> >> Techtalk at linuxchix.org
> >> http://mailman.linuxchix.org/mailman/listinfo/techtalk
> >
> > _______________________________________________
> > Techtalk mailing list
> > Techtalk at linuxchix.org
> > http://mailman.linuxchix.org/mailman/listinfo/techtalk
>
> _______________________________________________
> Techtalk mailing list
> Techtalk at linuxchix.org
> http://mailman.linuxchix.org/mailman/listinfo/techtalk
>



-- 
--Tricia

More information about the Techtalk mailing list