httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lad.G...@cle.philips.com
Subject Re: MS Word, .htaccess & Passwords
Date Mon, 03 Jun 2002 18:21:39 GMT





Please respond to users@httpd.apache.org

To:   users@httpd.apache.org
cc:

Subject:  Re: MS Word, .htaccess & Passwords



On Mon, 3 Jun 2002 Lad.Gaal@cle.philips.com wrote:
>> I have users directories at /home. So when a user has a word document
and
>> someone tries to access it, the browser puts up the "enter network
>> password" box. You can click OK to the empty box or hit cancel and the
.doc
>> file proceeds to open. This type of scenario also happens in the
protected
>> area of the tree structure. The curious thing is that I have seen this
only
>> occur with MS word documents. It doesn't happen with pdf files, text
files,
>> etc.
>>
>> I have checked the mime types and played with the httpd.conf file till
I'm
>> blue. The only thing that I have found to get passed this trouble is to
>> remove the .htaccess I am open to any and all suggestions to resolve
this
>> quirk while maintaining the security of .htaccess.

>This sounds like typical MS-brain-dead behvior.  My guess: MSIE is looking
>for frontpage extensions or some such thing to see if it will give
>"publishing" access to the word document.  It looks for these files under
>the document root.  If you didn't have authentication, they would just be
>"not found", but since you have authentication, the server must ask for
>auth before it can confirm that.

>Solutions?  Well, you can check your access log for the particular files
>that MS is looking for and deliberately unprotect those locations.  (You
>won't have any files there, but if you unprotect the relevant directory,
>you should be able to stop the password prompt.)



It appears that it is looking for a file called  /_vti_inf.hml What makes
this perplexing is that I have no file on my system called _vti_inf.html.
So judging by the entry in the access_log of - "Get /_vti_inf.html
HTTP/1.1" 401 409 - I think this is some arbitrary file and it is looking
for it in the document root of the httpd server. Correct? and that I would
have to unprotect the document root (no matter what I directory I make the
root) which basically boils down to removing the .htaccess or go through a
weeks worth of correcting relative links.

I'm hoping that somebody has a better suggestion and also what is this file
and why is it that MS Word is the only application wanting this?

Tx






---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message