Almut Behrens wrote:
>
> ... not meant to be a RTFM (M = message, here ;), but what's the
> error_log saying?
It says:
/usr/local/httpd/htdocs/.htaccess: AuthName not allowed here
I tried moving the .htaccess file into a subdirectory - still
get same error on that directory.
>
> At first sight, I can't see anything being wrong with your configuration.
>
> Usual stupid question: have you checked file permissions? (need to be
> at least readable by UID webserver is running under)
yes, they are -rw-r--r--
>
> Two more notes:
>
> (1) are you sure you really want an .htaccess file here -- putting the
> respective auth-directives in <Directory> would work too. Does
> the access/authentication need to be run-time configurable?
> (This is a performance aspect only -- things do work with .htaccess
> equally)
I'm not sure I understand - do you mean:
--------------------
<Directory "/usr/local/httpd/htdocs">
AuthName "Page page"
AuthType Basic
AuthUserFile /home/ev/public_html/.htpassword
order allow,deny
Allow from all
require valid-user
satisfy any
-------------------
This had no effect - no error message, no request for password, just the
webpage.
>
> (2) -- cut 'n pasted from the manual:
> "Security: make sure that the AuthUserFile is stored outside the
> document tree of the web-server; do not put it in the directory that it
> protects. Otherwise, clients will be able to download the AuthUserFile."
> (reason is the same that shadow passwords were invented for *nix)
>
> - Almut
Config file says the following, but yes, I meant to move it
once I got it working - I wanted to be sure it was finding the file.
Got a little frustrated and started trying random stuff, I guess.
# The following lines prevent .htaccess files from being viewed by
# Web clients. Since .htaccess files often contain authorization
# information, access is disallowed for security reasons. Comment
# these lines out if you want Web visitors to see the contents of
# .htaccess files. If you change the AccessFileName directive above,
# be sure to make the corresponding changes here.
#
# Also, folks tend to use names such as .htpasswd for password
# files, so this will protect those as well.
#
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
>
> _______________________________________________
> techtalk mailing list
> [EMAIL PROTECTED]
> http://www.linux.org.uk/mailman/listinfo/techtalk
_______________________________________________
techtalk mailing list
[EMAIL PROTECTED]
http://www.linux.org.uk/mailman/listinfo/techtalk
