You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by La...@cle.philips.com on 2002/06/03 18:42:15 UTC
MS Word, .htaccess & Passwords
I'm running RH 7.2 with Apache 1.3.22-2. My document root is at
/usr/local/httpd/html. CGI resides at /usr/local/httpd. My .htaccess file
is located also in the /usr/local/httpd directory because I need to have
the env of REMOTE_USER passed to some of my CGI scripts. All this works
fine.
I have users directories at /home. So when a user has a word document and
someone tries to access it, the browser puts up the "enter network
password" box. You can click OK to the empty box or hit cancel and the .doc
file proceeds to open. This type of scenario also happens in the protected
area of the tree structure. The curious thing is that I have seen this only
occur with MS word documents. It doesn't happen with pdf files, text files,
etc.
I have checked the mime types and played with the httpd.conf file till I'm
blue. The only thing that I have found to get passed this trouble is to
remove the .htaccess I am open to any and all suggestions to resolve this
quirk while maintaining the security of .htaccess.
tx
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: MS Word, .htaccess & Passwords
Posted by Joshua Slive <jo...@slive.ca>.
On Mon, 3 Jun 2002 Lad.Gaal@cle.philips.com wrote:
> I have users directories at /home. So when a user has a word document and
> someone tries to access it, the browser puts up the "enter network
> password" box. You can click OK to the empty box or hit cancel and the .doc
> file proceeds to open. This type of scenario also happens in the protected
> area of the tree structure. The curious thing is that I have seen this only
> occur with MS word documents. It doesn't happen with pdf files, text files,
> etc.
>
> I have checked the mime types and played with the httpd.conf file till I'm
> blue. The only thing that I have found to get passed this trouble is to
> remove the .htaccess I am open to any and all suggestions to resolve this
> quirk while maintaining the security of .htaccess.
This sounds like typical MS-brain-dead behvior. My guess: MSIE is looking
for frontpage extensions or some such thing to see if it will give
"publishing" access to the word document. It looks for these files under
the document root. If you didn't have authentication, they would just be
"not found", but since you have authentication, the server must ask for
auth before it can confirm that.
Solutions? Well, you can check your access log for the particular files
that MS is looking for and deliberately unprotect those locations. (You
won't have any files there, but if you unprotect the relevant directory,
you should be able to stop the password prompt.)
Joshua.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org