[ale] .htaccess
James Sumners
james.sumners at gmail.com
Wed Jan 9 18:04:33 EST 2008
Also, make sure the AllowOverride directive for user directories in
you httpd.conf is configured to allow .htaccess files. See
http://httpd.apache.org/docs/1.3/mod/core.html#allowoverride .
On Jan 9, 2008 5:59 PM, Alex LeDonne <aledonne.listmail at gmail.com> wrote:
> On Jan 9, 2008 5:53 PM, Christopher Fowler <cfowler at outpostsentinel.com> wrote:
> > Now that I've been playing around with Apache on our support server I'm
> > wanting to close some directories via .htaccess.
> >
> > I've done the following
> >
> > 1. Added .htaccess to ~user/directory_to_hide/.htaccess
> >
> > AuthUserFile .htpasswd
> > AuthGroupFile /dev/null
> > AuthName "Books"
> >
> > AuthType Basic
> >
> > <Limit GET>
> > order deny,allow
> > require valid-user
> > </Limit>
> >
> > 2. I've created ~user/directory_to_hide/.htpasswd
> > user:password
> >
> >
> > The problem I have is that Apache seems to ignore this file
> >
> > Do I need to modify the conf file to tell Apache to respect these?
> >
> > Chris
> >
>
> Two things:
> 1/ For security, don't put your .htpasswd in a web-accessible
> directory; put it somewhere else on the filesystem.
> 2/ According to
> http://httpd.apache.org/docs/2.0/mod/mod_auth.html#authuserfile
> "File-path is the path to the user file. If it is not absolute (i.e.,
> if it doesn't begin with a slash), it is treated as relative to the
> ServerRoot." - not relative to the location of the .htaccess file.
> (Same deal in Apache 1.3.)
>
> -A
--
James Sumners
http://james.roomfullofmirrors.com/
"All governments suffer a recurring problem: Power attracts
pathological personalities. It is not that power corrupts but that it
is magnetic to the corruptible. Such people have a tendency to become
drunk on violence, a condition to which they are quickly addicted."
Missionaria Protectiva, Text QIV (decto)
CH:D 59
More information about the Ale
mailing list