You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Jean-Philippe BATTU <je...@bull.net> on 2004/12/02 16:02:08 UTC

[users@httpd] Protected directories by access.conf not visible

Hello

I use httpd 2.0.46 on a linux box and I set up
/etc/httpd/conf.d/access.conf file with the following:

<Directory /var/www/html/livraison/rep1>
AuthType Basic
AuthName "myuser"
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
AuthUserFile /etc/httpd/conf.d/filepwd
AuthGroupFile /etc/httpd/conf.d/filegrp
require group mygroup
require user myuser
</Directory>

My DocumentRoot is setup to /var/www/html and I noticed
the directory "rep1" is not visible when I try to browse the URL
http://my_linux_box/livraison/rep1

If I remove access.conf, the directory may be visible

Could you tell me how I could see this directory in the browser
without losing the secure protection I need ?

Thanks for your help

Cheers

Jean-Philippe BATTU
Grenoble




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Protected directories by access.conf not visible

Posted by Joshua Slive <js...@gmail.com>.

On Thu, 02 Dec 2004 16:35:05 +0100, Jean-Philippe BATTU
<je...@bull.net> wrote:
> 
> Hi Tim !
> 
> Thanks for your quick help
> 
> "rep1" is not visible means I can't see the rep1 in my brower
> when I try to browse the directory where rep1 is. I can see the
> other directories because I don't have index.html file at the same
> level as rep1.
> 
> What should happen ?
> I would like to see this directory and when I click on it, a window
> should be popup to ask me the password. Note if I type the full
> url:  http://my_linux_box/livraison/rep1, a window popup appears
> and apache asked me the passwd. Therefore ? I can enter in this
> directory

This was a security change made in apache 2.  It is not, in general, a
good idea to reveal the existence of secured areas that people don't
have the right to access.

In 2.1 (the development version), there is an option to turn this off
with the "ShowForbidden" IndexOption:
http://httpd.apache.org/docs-2.1/mod/mod_autoindex.html#indexoptions

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Protected directories by access.conf not visible

Posted by Jean-Philippe BATTU <je...@bull.net>.

Hi Tim !

Thanks for your quick help

"rep1" is not visible means I can't see the rep1 in my brower
when I try to browse the directory where rep1 is. I can see the
other directories because I don't have index.html file at the same
level as rep1.

What should happen ?
I would like to see this directory and when I click on it, a window
should be popup to ask me the password. Note if I type the full
url:  http://my_linux_box/livraison/rep1, a window popup appears
and apache asked me the passwd. Therefore ? I can enter in this
directory

I can't see nothing in the error log file error.log...

Cheers !

Jean-Philippe BATTU
Grenoble



Tim Burden wrote:

> What do you  mean by 'directory "rep1" is not visible'?
>
> What happens? What should happen?
>
> What do you see in the error log?
>
> ----- Original Message -----
> From: "Jean-Philippe BATTU" <je...@bull.net>
> To: <us...@httpd.apache.org>
> Sent: Thursday, December 02, 2004 10:02 AM
> Subject: [users@httpd] Protected directories by access.conf not visible
>
> >
> > Hello
> >
> > I use httpd 2.0.46 on a linux box and I set up
> > /etc/httpd/conf.d/access.conf file with the following:
> >
> > <Directory /var/www/html/livraison/rep1>
> > AuthType Basic
> > AuthName "myuser"
> > Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
> > AuthUserFile /etc/httpd/conf.d/filepwd
> > AuthGroupFile /etc/httpd/conf.d/filegrp
> > require group mygroup
> > require user myuser
> > </Directory>
> >
> > My DocumentRoot is setup to /var/www/html and I noticed
> > the directory "rep1" is not visible when I try to browse the URL
> > http://my_linux_box/livraison/rep1
> >
> > If I remove access.conf, the directory may be visible
> >
> > Could you tell me how I could see this directory in the browser
> > without losing the secure protection I need ?
> >
> > Thanks for your help
> >
> > Cheers
> >
> > Jean-Philippe BATTU
> > Grenoble
> >
> >


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Protected directories by access.conf not visible

Posted by Tim Burden <ti...@burden.ca>.

What do you  mean by 'directory "rep1" is not visible'?

What happens? What should happen?

What do you see in the error log?

----- Original Message ----- 
From: "Jean-Philippe BATTU" <je...@bull.net>
To: <us...@httpd.apache.org>
Sent: Thursday, December 02, 2004 10:02 AM
Subject: [users@httpd] Protected directories by access.conf not visible


>
> Hello
>
> I use httpd 2.0.46 on a linux box and I set up
> /etc/httpd/conf.d/access.conf file with the following:
>
> <Directory /var/www/html/livraison/rep1>
> AuthType Basic
> AuthName "myuser"
> Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
> AuthUserFile /etc/httpd/conf.d/filepwd
> AuthGroupFile /etc/httpd/conf.d/filegrp
> require group mygroup
> require user myuser
> </Directory>
>
> My DocumentRoot is setup to /var/www/html and I noticed
> the directory "rep1" is not visible when I try to browse the URL
> http://my_linux_box/livraison/rep1
>
> If I remove access.conf, the directory may be visible
>
> Could you tell me how I could see this directory in the browser
> without losing the secure protection I need ?
>
> Thanks for your help
>
> Cheers
>
> Jean-Philippe BATTU
> Grenoble
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org