www-apache-bugdb mailing list archives

From Quynh-Giao Tran <g...@r2d2.ed.gov>
Subject Re: mod_auth-any/863: Server bypass .htaccess files authorization configuration in access.conf file.
Date Mon, 14 Jul 1997 15:19:09 GMT

I am sorry if I was unclear before.  I have the latest version (1.2.1)
installed on our server.  My document root is /ftp/www.  I wish to limit
user access to /ftp/www/Program/setform directory by creating a .htaccess
file in that directory.  The .htaccess is as follows:

AuthUserFile /usr/local/etc/httpd/conf/priv.passwd
AuthName Vader 
AuthType Basic

<Limit FORM POST GET>
order deny,allow
deny from all
allow from ed.gov dsti.com
require user setform
</Limit>

To test the .htaccess file, I removed the "allow" line completely and I
was still able to access the /ftp/www/Programs/setform
(http://vader.ed.gov/Programs/setform/) directory.  If I use the same
.htaccess file and put it under my home directory
(/export/home/giao/public_html), then it would work.

Next, I tried to move the configuration from the .htaccess file to
access.conf file.  Below is my access.conf file:


   <Directory /ftp/www>
   Options Indexes FollowSymLinks

   AllowOverride None

   order allow,deny 
   allow from all

   </Directory>

   <Directory /usr/local/etc/httpd/cgi-bin>
   AllowOverride None
   Options None
   </Directory>

   <Location /ftp/www/Programs/setform>

   AuthUserFile /usr/local/etc/httpd/conf/priv.passwd
   AuthName Vader 
   AuthType Basic

   <Limit POST GET>
   order deny,allow
   deny from all
   allow from ed.gov dsti.com
   require user setform
   </Limit>

   </Location>

I tried "Kill -HUP" and I also tried killing all the servers and restarting.

I would appreciate your help in this matter.  Thanks.

Giao Tran


On Mon, 14 Jul 1997, Marc Slemko wrote:

> Synopsis: Server bypass .htaccess files authorization configuration in access.conf file.
> 
> State-Changed-From-To: open-analyzed
> State-Changed-By: marc
> State-Changed-When: Mon Jul 14 07:54:12 PDT 1997
> State-Changed-Why:
> I'm sorry, I can not even begin to understand what you are
> talking about.  I can assure you that the server doesn't
> magically bypass access restrictions.  If we are to have
> any hope of helping, you need to say exactly what you are
> doing and what you think it should do.
> 
> 
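
An added annotation, not part of the thread or written by either participant: two Apache behaviours bear on the configuration posted above. `AllowOverride None` on an enclosing `<Directory>` makes the server skip `.htaccess` files beneath it, and `<Location>` matches the URL path, not the filesystem path. The sketch below keeps the poster's directives but attaches them to the filesystem directory; the spelling `Programs` is an assumption taken from the URL quoted in the message.

```apache
# Added example, not from the thread. Paths and names come from the message
# above; "Programs" (plural) is assumed from http://vader.ed.gov/Programs/setform/.

<Directory /ftp/www>
Options Indexes FollowSymLinks
# With AllowOverride None the server does not read .htaccess files anywhere
# under /ftp/www, so restrictions have to live in access.conf (or this line
# has to permit them, e.g. "AllowOverride AuthConfig Limit").
AllowOverride None
order allow,deny
allow from all
</Directory>

# <Directory> takes a filesystem path. <Location> takes a URL path, so
# <Location /ftp/www/Programs/setform> only matches requests whose URL
# starts with /ftp/www/Programs/setform, not /Programs/setform/.
<Directory /ftp/www/Programs/setform>
AuthUserFile /usr/local/etc/httpd/conf/priv.passwd
AuthName Vader
AuthType Basic
# No <Limit> wrapper: the restrictions then cover every request method,
# not only the methods that would have been listed.
order deny,allow
deny from all
allow from ed.gov dsti.com
require user setform
</Directory>
```

After a restart, a request for /Programs/setform/ from an allowed host without credentials should receive a 401 response instead of the directory contents.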



