You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Justin French <ju...@indent.com.au> on 2002/04/22 17:10:42 UTC
newbie: .htaccess files being ignored
Hi all,
I thought I'd found my answer when I found this FAQ:
http://httpd.apache.org/docs/misc/FAQ.html#htaccess-work
But, I'm still not having any luck.
I have a simple .htaccess file which DOES work on my ISPs server, but not on
my office test server.
<Files ~ "\.inc$">
Order Allow,Deny
Deny from all
</Files>
As per the FAQ, I changed the AllowOverride to All (in the view of changing
it to something more secure later) in my httpd.conf file
<Directory "/usr/local/apache/htdocs">
#other stuff
AllowOverride All
#other stuff
</Directory>
Which in my limited understanding of httpd.conf and Apache, should allow
.htaccess files in my doc root to override the base settings, which should
allow the above .htaccess file to work, returning a 403 for *.inc files.
Are there some other lines in the config file, or some other FAQs / URLs I
should look at???
Many thanks in advance,
Justin French
--------------------
Creative Director
http://Indent.com.au
--------------------
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: problem with authentication while doing a redirect
Posted by Jason <jt...@cartmanager.net>.
Thank you...
worked like a charm.
----- Original Message -----
From: "Joshua Slive" <jo...@slive.ca>
To: <us...@httpd.apache.org>
Sent: Monday, April 22, 2002 9:28 AM
Subject: Re: problem with authentication while doing a redirect
> Jason wrote:
> > I have a conf file with
> > <Location /cgi-bin/viewOrder.cgi>
>
> > When I try to access each location, it requires authentication as expected. However when I add the line
> > ScriptAliasMatch ^/orders/jter/(.*?)$ /home/vshopper/public_html/cgi-bin/viewOrder.cgi
> > into my virtualhost it does not require ANY authentication for anything that matches the pattern...
> >
> > Does anybody know why this happens, and can you give me some advice in getting it to authenticate properly with the alias.
>
> <Location> matches against URLs only. If the client isn't requesting a
> URL that looks like http://yoursite.example.com/cgi-bin/viewOrder.cgi,
> then that <Location> section doesn't do anything. What you probably want is
> <Directory /home/vshopper/public_html/cgi-bin/>
> <Files viewOrder.cgi>
> require ...
> </Files>
> </Directory>
> which is much safer anyway.
>
> Joshua.
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: problem with authentication while doing a redirect
Posted by Joshua Slive <jo...@slive.ca>.
Jason wrote:
> I have a conf file with
> <Location /cgi-bin/viewOrder.cgi>
> When I try to access each location, it requires authentication as expected. However when I add the line
> ScriptAliasMatch ^/orders/jter/(.*?)$ /home/vshopper/public_html/cgi-bin/viewOrder.cgi
> into my virtualhost it does not require ANY authentication for anything that matches the pattern...
>
> Does anybody know why this happens, and can you give me some advice in getting it to authenticate properly with the alias.
<Location> matches against URLs only. If the client isn't requesting a
URL that looks like http://yoursite.example.com/cgi-bin/viewOrder.cgi,
then that <Location> section doesn't do anything. What you probably want is
<Directory /home/vshopper/public_html/cgi-bin/>
<Files viewOrder.cgi>
require ...
</Files>
</Directory>
which is much safer anyway.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
problem with authentication while doing a redirect
Posted by Jason <jt...@cartmanager.net>.
I have a conf file with
<Location /cgi-bin/viewOrder.cgi>
PerlAuthenHandler ApacheAuthentication
AuthName realm
AuthType Basic
Require valid-user
Order deny,allow
Deny from all
allow from 207.173.85.
</Location>
<Directory /home/vshopper/public_html/userpages/orders/*>
Options Indexes FollowSymLinks
IndexOptions NameWidth=30 DescriptionWidth=38
IndexOrderDefault Descending Date
AllowOverride Indexes AuthConfig
SSLRequireSSL
</Directory>
When I try to access each location, it requires authentication as expected. However when I add the line
ScriptAliasMatch ^/orders/jter/(.*?)$ /home/vshopper/public_html/cgi-bin/viewOrder.cgi
into my virtualhost it does not require ANY authentication for anything that matches the pattern...
Does anybody know why this happens, and can you give me some advice in getting it to authenticate properly with the alias.
Thank you.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: newbie: .htaccess files being ignored
Posted by Joshua Slive <jo...@slive.ca>.
Justin French wrote:
> Hi all,
>
> I thought I'd found my answer when I found this FAQ:
> http://httpd.apache.org/docs/misc/FAQ.html#htaccess-work
>
> But, I'm still not having any luck.
Debugging steps:
1. Start with a *really* simply .htaccess:
Order allow,deny
deny from all
2. What is the exact full pathname to your .htaccess file?
3. Are there any symbolic links or other funny business in the path?
4. Do: "grep AllowOverride httpd.conf" and make sure you know what each
directive is doing.
5. Are you sure you are editting the correct copy of httpd.conf and
restarting the server after making changes?
Jsohua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: newbie: .htaccess files being ignored
Posted by Owen Boyle <ob...@bourse.ch>.
Justin French wrote:
>
> Sorry for solving my own problem, but I didn't know I needed to restart
> apache for the new config to kick in.
>
> It's now working.
>
> New question: for this to work on a .htaccess level,
> > <Files ~ "\.inc$">
> > Order Allow,Deny
> > Deny from all
> > </Files>
>
> Do I really need httpd.conf to have
>
> > <Directory "/usr/local/apache/htdocs">
> > AllowOverride All
> > </Directory>
>
> Or can I get away with a more restrictive statement...
>
> AllowOverride "something", rather than "All" or "None"
Now that you got your server running, why not look at the doc-page for
AllowOverride to see what "something" can be :-) Follow the links for
documentation from the "It Works!" page...
Rgds,
Owen Boyle.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: newbie: .htaccess files being ignored
Posted by Justin French <ju...@indent.com.au>.
Sorry for solving my own problem, but I didn't know I needed to restart
apache for the new config to kick in.
It's now working.
New question: for this to work on a .htaccess level,
> <Files ~ "\.inc$">
> Order Allow,Deny
> Deny from all
> </Files>
Do I really need httpd.conf to have
> <Directory "/usr/local/apache/htdocs">
> AllowOverride All
> </Directory>
Or can I get away with a more restrictive statement...
AllowOverride "something", rather than "All" or "None"
???
Many thanks,
Justin French
on 23/04/02 1:10 AM, Justin French (justin@indent.com.au) wrote:
> Hi all,
>
> I thought I'd found my answer when I found this FAQ:
> http://httpd.apache.org/docs/misc/FAQ.html#htaccess-work
>
> But, I'm still not having any luck.
>
> I have a simple .htaccess file which DOES work on my ISPs server, but not on
> my office test server.
>
> <Files ~ "\.inc$">
> Order Allow,Deny
> Deny from all
> </Files>
>
>
> As per the FAQ, I changed the AllowOverride to All (in the view of changing
> it to something more secure later) in my httpd.conf file
>
> <Directory "/usr/local/apache/htdocs">
> #other stuff
> AllowOverride All
> #other stuff
> </Directory>
>
> Which in my limited understanding of httpd.conf and Apache, should allow
> .htaccess files in my doc root to override the base settings, which should
> allow the above .htaccess file to work, returning a 403 for *.inc files.
>
>
> Are there some other lines in the config file, or some other FAQs / URLs I
> should look at???
>
>
> Many thanks in advance,
>
> Justin French
> --------------------
> Creative Director
> http://Indent.com.au
> --------------------
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org