You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by kloomis <kl...@it-resources.com> on 2005/12/05 17:59:10 UTC
[users@httpd] Odd .htaccess problem
Hello:
I have an odd problem with htaccess. It takes two passes at the logon to
gain access to the directory - same user name and password for each.
The directory structure is this: www/graphs
There is an .htaccess file in www/graphs with the following entries:
AuthName Graphs
AuthType Basic
AuthUserFile www/graphs/.htpasswd
Required valid-user
The .htpasswd file consists of a user name and an encrypted password.
There _is_ an .htaccess file in www. But it has no Required or AuthUserFile
entries.
If I remove the .htaccess file in www/graphs, I get access without any
authorization required.
Ken
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Odd .htaccess problem
Posted by kloomis <kl...@it-resources.com>.
Saurabh, thanks for your reply.
At 10:47 PM 12/5/2005 +0530, you wrote:
>On 12/5/05, kloomis
><<m...@it-resources.com> wrote:
>>I have an odd problem with htaccess. It takes two passes at the logon to
>>gain access to the directory - same user name and password for each.
>
>This might sound weird, but what client are you using?
I see the same behavior in IE6 on Windows and Firefox on Windows and Linux.
>Are there any redirections or does the page includes something from
>another directory?
No, it's a single php file.
>On another note, it generally is not a good idea to keep the password file
>in a web accessible location.
That's sounds like good advice.
Thanks.
--Ken
Re: [users@httpd] Odd .htaccess problem
Posted by Joshua Slive <js...@gmail.com>.
On 12/6/05, kloomis <kl...@it-resources.com> wrote:
> At 02:47 PM 12/5/2005 -0500, you wrote:
>
> On 12/5/05, kloomis <kl...@it-resources.com> wrote:
> > Hello:
> >
> > I have an odd problem with htaccess. It takes two passes at the logon to
> > gain access to the directory - same user name and password for each.
>
> http://httpd.apache.org/docs/1.3/misc/FAQ.html#prompted-twice
> Josua: Thank you for the reference. Indeed, using a trailing slash
> removes the second authorization request. I do not understand the
> directions relating to the ServerName, though. As far as I can tell there
> is no ServerName directive in .htaccess. This system sits on an ISP so I
> don't have access to the httpd config file.
Then you're screwed ;-)
This can only be fixed in httpd.conf. Most sites (and the default
apache configuration) now use "UseCanonicalName off" to avoid problems
like this, so you might try asking your isp to change the
configuration.
Other than that, you might be able to do something obscure like
putting your auth directives inside a <FilesMatch .+> ...
</FilesMatch> section to try to prevent them from acting on the
request before the redirect. I don't know if that will work or not.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Odd .htaccess problem
Posted by kloomis <kl...@it-resources.com>.
At 02:47 PM 12/5/2005 -0500, you wrote:
>On 12/5/05, kloomis <kl...@it-resources.com> wrote:
> > Hello:
> >
> > I have an odd problem with htaccess. It takes two passes at the logon to
> > gain access to the directory - same user name and password for each.
>
>http://httpd.apache.org/docs/1.3/misc/FAQ.html#prompted-twice
Josua: Thank you for the reference. Indeed, using a trailing slash
removes the second authorization request. I do not understand the
directions relating to the ServerName, though. As far as I can tell there
is no ServerName directive in .htaccess. This system sits on an ISP so I
don't have access to the httpd config file.
Thanks,
Ken
Re: [users@httpd] Odd .htaccess problem
Posted by Saurabh Bathe <sb...@gmail.com>.
On 12/5/05, kloomis <kl...@it-resources.com> wrote:
>
> Hello:
>
> I have an odd problem with htaccess. It takes two passes at the logon to
> gain access to the directory - same user name and password for each.
This might sound weird, but what client are you using?
Are there any redirections or does the page includes something from another
directory?
I have seen this happening when the client does not resend the password
information.
On another note, it generally is not a good idea to keep the password file
in a web accessible location.
--Saurabh
Re: [users@httpd] Odd .htaccess problem
Posted by Joshua Slive <js...@gmail.com>.
On 12/5/05, kloomis <kl...@it-resources.com> wrote:
> Hello:
>
> I have an odd problem with htaccess. It takes two passes at the logon to
> gain access to the directory - same user name and password for each.
http://httpd.apache.org/docs/1.3/misc/FAQ.html#prompted-twice
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org