You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Justin French <ju...@indent.com.au> on 2002/04/22 17:10:42 UTC

newbie: .htaccess files being ignored

Hi all,

I thought I'd found my answer when I found this FAQ:
http://httpd.apache.org/docs/misc/FAQ.html#htaccess-work

But, I'm still not having any luck.

I have a simple .htaccess file which DOES work on my ISPs server, but not on
my office test server.

<Files ~ "\.inc$">
    Order Allow,Deny
    Deny from all
</Files>


As per the FAQ, I changed the AllowOverride to All (in the view of changing
it to something more secure later) in my httpd.conf file

<Directory "/usr/local/apache/htdocs">
    #other stuff
    AllowOverride All
    #other stuff
</Directory>

Which in my limited understanding of httpd.conf and Apache, should allow
.htaccess files in my doc root to override the base settings, which should
allow the above .htaccess file to work, returning a 403 for *.inc files.


Are there some other lines in the config file, or some other FAQs / URLs I
should look at???


Many thanks in advance,

Justin French
--------------------
Creative Director
http://Indent.com.au
--------------------


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: problem with authentication while doing a redirect

Posted by Jason <jt...@cartmanager.net>.

Thank you...

worked like a charm.


----- Original Message ----- 
From: "Joshua Slive" <jo...@slive.ca>
To: <us...@httpd.apache.org>
Sent: Monday, April 22, 2002 9:28 AM
Subject: Re: problem with authentication while doing a redirect


> Jason wrote:
> > I have a conf file with
> > <Location /cgi-bin/viewOrder.cgi>
> 
> > When I try to access each location, it requires authentication as expected.  However when I add the line
> > ScriptAliasMatch ^/orders/jter/(.*?)$ /home/vshopper/public_html/cgi-bin/viewOrder.cgi
> > into my virtualhost it does not require ANY authentication for anything that matches the pattern...
> > 
> > Does anybody know why this happens, and can you give me some advice in getting it to authenticate properly with the alias.
> 
> <Location> matches against URLs only.  If the client isn't requesting a 
> URL that looks like http://yoursite.example.com/cgi-bin/viewOrder.cgi, 
> then that <Location> section doesn't do anything.  What you probably want is
> <Directory /home/vshopper/public_html/cgi-bin/>
> <Files viewOrder.cgi>
> require ...
> </Files>
> </Directory>
> which is much safer anyway.
> 
> Joshua.
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: problem with authentication while doing a redirect

Posted by Joshua Slive <jo...@slive.ca>.

Jason wrote:
> I have a conf file with
> <Location /cgi-bin/viewOrder.cgi>

> When I try to access each location, it requires authentication as expected.  However when I add the line
> ScriptAliasMatch ^/orders/jter/(.*?)$ /home/vshopper/public_html/cgi-bin/viewOrder.cgi
> into my virtualhost it does not require ANY authentication for anything that matches the pattern...
> 
> Does anybody know why this happens, and can you give me some advice in getting it to authenticate properly with the alias.

<Location> matches against URLs only.  If the client isn't requesting a 
URL that looks like http://yoursite.example.com/cgi-bin/viewOrder.cgi, 
then that <Location> section doesn't do anything.  What you probably want is
<Directory /home/vshopper/public_html/cgi-bin/>
<Files viewOrder.cgi>
require ...
</Files>
</Directory>
which is much safer anyway.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

problem with authentication while doing a redirect

Posted by Jason <jt...@cartmanager.net>.

I have a conf file with
<Location /cgi-bin/viewOrder.cgi>
        PerlAuthenHandler ApacheAuthentication
        AuthName realm
        AuthType Basic
        Require valid-user
        Order deny,allow
        Deny from all
        allow from 207.173.85.
</Location>

<Directory /home/vshopper/public_html/userpages/orders/*>
Options Indexes FollowSymLinks
IndexOptions NameWidth=30 DescriptionWidth=38
IndexOrderDefault Descending Date
AllowOverride Indexes AuthConfig
SSLRequireSSL
</Directory>




When I try to access each location, it requires authentication as expected.  However when I add the line
ScriptAliasMatch ^/orders/jter/(.*?)$ /home/vshopper/public_html/cgi-bin/viewOrder.cgi
into my virtualhost it does not require ANY authentication for anything that matches the pattern...

Does anybody know why this happens, and can you give me some advice in getting it to authenticate properly with the alias.

Thank you.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: newbie: .htaccess files being ignored

Posted by Joshua Slive <jo...@slive.ca>.

Justin French wrote:
> Hi all,
> 
> I thought I'd found my answer when I found this FAQ:
> http://httpd.apache.org/docs/misc/FAQ.html#htaccess-work
> 
> But, I'm still not having any luck.

Debugging steps:

1. Start with a *really* simply .htaccess:
Order allow,deny
deny from all

2. What is the exact full pathname to your .htaccess file?

3. Are there any symbolic links or other funny business in the path?

4. Do: "grep AllowOverride httpd.conf" and make sure you know what each 
directive is doing.

5. Are you sure you are editting the correct copy of httpd.conf and 
restarting the server after making changes?

Jsohua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: newbie: .htaccess files being ignored

Posted by Owen Boyle <ob...@bourse.ch>.

Justin French wrote:
> 
> Sorry for solving my own problem, but I didn't know I needed to restart
> apache for the new config to kick in.
> 
> It's now working.
> 
> New question: for this to work on a .htaccess level,
> > <Files ~ "\.inc$">
> > Order Allow,Deny
> > Deny from all
> > </Files>
> 
> Do I really need httpd.conf to have
> 
> > <Directory "/usr/local/apache/htdocs">
> > AllowOverride All
> > </Directory>
> 
> Or can I get away with a more restrictive statement...
> 
> AllowOverride "something", rather than "All" or "None"

Now that you got your server running, why not look at the doc-page for
AllowOverride to see what "something" can be :-) Follow the links for
documentation from the "It Works!" page...

Rgds,

Owen Boyle.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: newbie: .htaccess files being ignored

Posted by Justin French <ju...@indent.com.au>.

Sorry for solving my own problem, but I didn't know I needed to restart
apache for the new config to kick in.

It's now working.

New question: for this to work on a .htaccess level,
> <Files ~ "\.inc$">
> Order Allow,Deny
> Deny from all
> </Files>

Do I really need httpd.conf to have

> <Directory "/usr/local/apache/htdocs">
> AllowOverride All
> </Directory>

Or can I get away with a more restrictive statement...

AllowOverride "something", rather than "All" or "None"

???


Many thanks,

Justin French




on 23/04/02 1:10 AM, Justin French (justin@indent.com.au) wrote:

> Hi all,
> 
> I thought I'd found my answer when I found this FAQ:
> http://httpd.apache.org/docs/misc/FAQ.html#htaccess-work
> 
> But, I'm still not having any luck.
> 
> I have a simple .htaccess file which DOES work on my ISPs server, but not on
> my office test server.
> 
> <Files ~ "\.inc$">
> Order Allow,Deny
> Deny from all
> </Files>
> 
> 
> As per the FAQ, I changed the AllowOverride to All (in the view of changing
> it to something more secure later) in my httpd.conf file
> 
> <Directory "/usr/local/apache/htdocs">
> #other stuff
> AllowOverride All
> #other stuff
> </Directory>
> 
> Which in my limited understanding of httpd.conf and Apache, should allow
> .htaccess files in my doc root to override the base settings, which should
> allow the above .htaccess file to work, returning a 403 for *.inc files.
> 
> 
> Are there some other lines in the config file, or some other FAQs / URLs I
> should look at???
> 
> 
> Many thanks in advance,
> 
> Justin French
> --------------------
> Creative Director
> http://Indent.com.au
> --------------------
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org