You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Stephen Fitzgerald <sj...@twpo.com.au> on 1997/03/18 04:50:03 UTC
config/239: Directory config inconsistent
The contract type is `' with a response time of 3 business hours.
A first analysis should be sent before: Tue Mar 18 11:00:00 PST 1997
>Number: 239
>Category: config
>Synopsis: Directory config inconsistent
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: apache (Apache HTTP Project)
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Mon Mar 17 19:50:00 1997
>Originator: sjf@twpo.com.au
>Organization:
apache
>Release: 1.2b7
>Environment:
Linux 3.0.3, kernel 2.0.18, gcc 2.7.2
Netscape 3.0.1 Gold
>Description:
I have a number of directories I need to protect. 1 protection configuration
works and the others do not.
The following configuration works as expected - only users with
password in .htpasswd file can access the directory.
# directory secured with .htaccess within directory
<Directory /home/httpd/html/prot>
Options Indexes FollowSymlinks
AllowOverride AuthConfig
AuthUserFile /etc/httpd/conf/.htpasswd
AuthGroupFile /etc/httpd/conf/.htgroup
AuthName Password
AuthType Basic
require group all-the-users
<Limit GET PUT POST>
order deny,allow
deny from all
allow from twpo.com.au, defence.gov.au
</Limit>
</Directory>
The following protection config does not work.
<Directory /home/httpd/html/SLF/weekly-files/pp>
Options Indexes FollowSymlinks
AllowOverride All
AuthUserFile /etc/httpd/conf/.slf-man-pp
AuthGroupFile /etc/httpd/conf/.slf-managers
AuthName Password
AuthType Basic
require group all-the-managers
<Limit GET PUT POST>
order deny,allow
deny from all
allow from twpo.com.au, defence.gov.au
</Limit>
</Directory>
The only difference I can determine is that the second one is not in
the root of the server - however a move to root does not fix it.
The error log does not report anything, an incorrect passwd however is
reported. The user puts in passwd after user name and gets an
"Authorisation Failed - Retry?" message.
I have tried just about all different configs, using Files, Location but
all fail.
Any help appreciated
>How-To-Repeat:
www.twpo.com.au/prot/times.html - works OK
www.twpo.com.au/SLF/weekly-files/pp/p1_02pp.html - fails
I will create a user apache, passwd apache
>Fix:
I wish I did!%2
>Audit-Trail:
>Unformatted:
Re: config/239: Directory config inconsistent
Posted by Dean Gaudet <dg...@arctic.org>.
Just to be sure, I'll ask the obvious questions... you have put the proper
accounts into .slf-man-pp and .slf-managers?
Are there any .htaccess files in the second directory tree? (Are there any
in the first?)
BTW we can't test those links because of the domain restriction. I get
a 403 for the first and a 404 for the second.
Dean
On Mon, 17 Mar 1997, Stephen Fitzgerald wrote:
>
> The contract type is `' with a response time of 3 business hours.
> A first analysis should be sent before: Tue Mar 18 11:00:00 PST 1997
>
>
> >Number: 239
> >Category: config
> >Synopsis: Directory config inconsistent
> >Confidential: no
> >Severity: critical
> >Priority: medium
> >Responsible: apache (Apache HTTP Project)
> >State: open
> >Class: sw-bug
> >Submitter-Id: apache
> >Arrival-Date: Mon Mar 17 19:50:00 1997
> >Originator: sjf@twpo.com.au
> >Organization:
> apache
> >Release: 1.2b7
> >Environment:
> Linux 3.0.3, kernel 2.0.18, gcc 2.7.2
>
> Netscape 3.0.1 Gold
> >Description:
> I have a number of directories I need to protect. 1 protection configuration
> works and the others do not.
>
> The following configuration works as expected - only users with
> password in .htpasswd file can access the directory.
>
> # directory secured with .htaccess within directory
> <Directory /home/httpd/html/prot>
> Options Indexes FollowSymlinks
> AllowOverride AuthConfig
> AuthUserFile /etc/httpd/conf/.htpasswd
> AuthGroupFile /etc/httpd/conf/.htgroup
> AuthName Password
> AuthType Basic
> require group all-the-users
> <Limit GET PUT POST>
> order deny,allow
> deny from all
> allow from twpo.com.au, defence.gov.au
> </Limit>
> </Directory>
>
> The following protection config does not work.
>
> <Directory /home/httpd/html/SLF/weekly-files/pp>
> Options Indexes FollowSymlinks
> AllowOverride All
> AuthUserFile /etc/httpd/conf/.slf-man-pp
> AuthGroupFile /etc/httpd/conf/.slf-managers
> AuthName Password
> AuthType Basic
> require group all-the-managers
> <Limit GET PUT POST>
> order deny,allow
> deny from all
> allow from twpo.com.au, defence.gov.au
> </Limit>
>
> </Directory>
>
> The only difference I can determine is that the second one is not in
> the root of the server - however a move to root does not fix it.
>
> The error log does not report anything, an incorrect passwd however is
> reported. The user puts in passwd after user name and gets an
> "Authorisation Failed - Retry?" message.
>
> I have tried just about all different configs, using Files, Location but
> all fail.
>
> Any help appreciated
> >How-To-Repeat:
> www.twpo.com.au/prot/times.html - works OK
> www.twpo.com.au/SLF/weekly-files/pp/p1_02pp.html - fails
>
> I will create a user apache, passwd apache
>
> >Fix:
> I wish I did!%2
> >Audit-Trail:
> >Unformatted:
>
>
>