On Sun, 1 Feb 2015 12:25:52 -0500, you wrote: >Sounds like Satisfy has been set to "Any" somewhere previously. But in >2.4, you should skip Order and Allow and just use Require.
I commented out both those directives and restarted. Same thing. Anyone can get in, and no username or password is asked for. >On Sun, Feb 1, 2015 at 11:55 AM, Steve Matzura <numb...@noisynotes.com> wrote: >> Upon re-reading this message, I find there was something about which I >> was extremely unclear and ambiguous. I said that the access to the >> password-protected area wasn't working, but failed to specify just >> what wasn't working. The problem is that Apache isn't asking for the >> password, and letting anyone browse this directory. Sorry for having >> inadvertently omitted this major piece of information. >> >> On Sat, 31 Jan 2015 13:23:06 -0500, you wrote: >> >>>I maintain a 2.2 server and am building a 2.4 one. I have a file in a >>>sites-enabled directory containing all the directives I need to define >>>security for my open and password-protected directories. There is an >>>"include" directive in the master configuration file >>>/etc/httpd/conf/httpd.conf. httpd -t tells me the syntax is OK. I know >>>it's reading the included config file because there was an error in it >>>which 'httpd -t' found and which I fixed. The open-access area works >>>fine, but the password-protected one doesn't. Here's the "Directory" >>>block for the non-working one, with pathnames replaced with the >>>generic "MyDir": >>> >>><Directory /MyDir> >>> Options Indexes FollowSymLinks MultiViews >>> AllowOverride None >>> Order allow,deny >>> allow from all >>> AuthType Basic >>> AuthName "My Area" >>> AuthBasicProvider file >>> AuthUserFile /MyDir/.htpasswd >>> require valid-user >>> </Directory> >>> >>>Any thoughts greatly appreciated, with my thanks in advance. >>> >>>--------------------------------------------------------------------- >>>To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >>>For additional commands, e-mail: users-h...@httpd.apache.org >>> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> For additional commands, e-mail: users-h...@httpd.apache.org >> --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
