On Mon, 19 Feb 2001, Martin WHEELER wrote: > To my knowledge, protecting a directory using the .htaccess file method > has always worked without a hitch for me on my local machine (Debian > 2.2r2 + proposed-updates) -- but has "suddenly" stopped functioning. > > [EMAIL PROTECTED]:~$ apache -v > Server version: Apache/1.3.9 (Unix) Debian/GNU > Server built: Jan 26 2001 00:10:13 > > is what I'm running (stable hasn't progressed to 1.3.12 yet); the > access.conf file contains: > > <Directory /var/www> > Options Includes Indexes FollowSymLinks > AllowOverride None
The line above means "ignore any .htaccess files in this directory". I don't think you'll want that :) I think you'll want that line to read AllowOverride AuthConfig > order allow,deny > allow from all > </Directory> > > and: > > # Do not allow retrieval of the override files, a standard security > measure. > <Files .htaccess> > order allow,deny > deny from all > </Files> > > srm.conf contains: > > # AccessFileName: The name of the file to look for in each directory > # for access control information. > AccessFileName .htaccess > > but no way will Apache stop and ask for authentication when any user > goes into any directory containing a valid .htaccess file pointing to a > valid htusers/.htpasswd data file. -- Tot ziens, Bart-Jan
