You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2003/06/22 00:29:27 UTC

DO NOT REPLY [Bug 20989] New: - .htaccess not hitting AuthUserFile with virtual hosts

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20989>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=20989

.htaccess not hitting AuthUserFile with virtual hosts

           Summary: .htaccess not hitting AuthUserFile with virtual hosts
           Product: Apache httpd-1.3
           Version: 1.3.27
          Platform: PC
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Auth/Access
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: jcwren@jcwren.com


.htaccess authorization is failing to work with virtual hosts.  I have
approximately 220 virtual hosts running on a vanilla Apache system.  Users create
.htaccess files, which are honored by the server.  However, the AuthUserFile's
are never accessed by the server for verification.  I have conducted a number of
tests to come to this conclusion, including comparing the behavior to a system
with out virtual hosts.  Monitoring the access times on the .htaccess and
.htpasswd files shows that Apache is hitting the .htaccess file, but regardless
of where the .htpasswd file is placed, it is never accessed.  All the usual
suspects have been checked, permissions, httpd.conf, etc.

According to some Google searching, I am not the only user experiencing
difficulties like this.  The error log shows (assuming we're using user
'testme', and the directory being protected is '/test' off the DocumentRoot)
"User testme not found: /test".  In the .htaccess file, I've tried absolute
paths, relative paths from DocumentRoot, etc.  Including placing a .htpasswd
file in /tmp, which is world readable and writeable.

I will be happy to apply suggestions for debugging, and test any patches.  This
is on a Debian system with a 2.4.18 kernel.  Using the search string "apache
user not found .htaccess recoil" in Google will show a user with an identical
problem (first hit, you'll have to look at the cache link, or trying this URL:
www.experts-exchange.com/Operating_Systems/
Linux/Linux_Administration/Q_20639239.html)

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org