You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by bdogg <bd...@attbi.com> on 2002/03/13 11:37:20 UTC
.htaccess files
Hello, I was wondering if anyone had encountered some of the same
problems I have been running into with .htaccess files on a window's
machine.
I have tried to search to see if this has been reported as a bug yet,
but there's so much info it's hard to search properly, maybe someone can
tell me if it hasn't been reported yet.
I was using Apache2.0.28 and had AllowOverride AuthConfig Limit Options
in my <directory> settings in httpd.conf. Because windows freaks out
when you name a file .htaccess, I set it up as ht.access and ht.passwd.
First problem, when I edited httpd.conf so that clients could not see
ht. files, I would get an internal server error when I went to the
private dir, instead of a login box popping up. This error would report
that I had no access to view the files.
So I turned off the hiding of ht. files and moved right along.
Here is a copy of my ht.access file:
AuthUserFile C:\WWW\private\ht.passwd
AuthName "The Secret Page"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>
Second problem, I would open a browser and type localhost into the URL
bar and I was taken to my AutoIndexing ServerRoot directory. But my
private dir was not listed (Maybe a feature, I don't know.) So I went
ahead and type http://localhost/private in the URL bar and I received my
login prompt. After filling in the correct username and password (I did
NOT check the box to remember my password) I was taken to an IE error
page reporting either a DNS error, or no server was at the URL I
specified. Refresh did nothing. I pressed "back" on IE and was taken
back to my server root, where my private folder was now listed.
Clicking on it I was taken into the folder with no prompt for
authentication at all, remember, windows did not remember my password.
The only thing I could do was to close IE, and reopen it, in which case
the process would start all over again.
I reluctantly downgraded to 1.3.32 and my .htaccess files work just fine
now with no editing.
Some info about the machine:
Windows XP Professional
Apache 2.0.28
Intel Pentium 3 800
256 MB of RAM
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: .htaccess files
Posted by Joshua Slive <jo...@slive.ca>.
bdogg wrote:
>>What EXACTLY does the error log say?
>
>
> [Tue Mar 12 13:45:34 2002] [error] [client 192.168.0.222] client denied
> by server configuration: C:/Program Files/Apache
> Group/Apache2/error/HTTP_UNAUTHORIZED.html.var
>
Try removing the ErrorDocument 401 directive from httpd.conf.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: .htaccess files
Posted by bdogg <bd...@attbi.com>.
> > First problem, when I edited httpd.conf so that clients
> could not see
> > ht. files, I would get an internal server error when I went to the
> > private dir, instead of a login box popping up. This error would
> > report that I had no access to view the files.
>
> What EXACTLY does the error log say?
[Tue Mar 12 13:45:34 2002] [error] [client 192.168.0.222] client denied
by server configuration: C:/Program Files/Apache
Group/Apache2/error/HTTP_UNAUTHORIZED.html.var
>
> >
> > So I turned off the hiding of ht. files and moved right along.
> >
> > Here is a copy of my ht.access file:
> >
> > AuthUserFile C:\WWW\private\ht.passwd
> > AuthName "The Secret Page"
> > AuthType Basic
> >
> > <Limit GET POST>
> > require valid-user
> > </Limit>
>
> Why do you have the <Limit GET POST> and </Limit> lines? Do
> you want to
> ALLOW PUT, DELETE, etc?
I don't know all the options, I was just following a simple howto, and
that was a copy/paste.
>
> >
> > Second problem, I would open a browser and type localhost
> into the URL
> > bar and I was taken to my AutoIndexing ServerRoot
> directory. But my
> > private dir was not listed (Maybe a feature, I don't know.)
>
> Yes, a feature. You don't want to disclose the existance of
> resources
> to people who aren't allowed to see them.
>
Well, I installed Apache 1.3.32 and the private dir WAS AutoIndexed,
guess a feature for Apache2
> > So I went
> > ahead and type http://localhost/private in the URL bar and
> I received
> > my login prompt. After filling in the correct username and
> password
> > (I did NOT check the box to remember my password) I was
> taken to an IE
> > error page reporting either a DNS error, or no server was
> at the URL I
> > specified.
>
> Do you have ServerName set correctly in httpd.conf?
I do.
Just to verify though, I installed Apache 1.3.32 and used the same
.htacces file, recreated a .htpasswd file, and used the same httpd.conf
file I used for Apache2 (save for a couple IndexOptions I had to remove
from the httpd.conf file to get it to work for Apache1 ie SuppressIcon)
and the user authentication goes off without a hitch. I was just
thinking it might be bugged in Apache2.
>
> Joshua.
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project. See
> <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: .htaccess files
Posted by Joshua Slive <jo...@slive.ca>.
bdogg wrote:
> First problem, when I edited httpd.conf so that clients could not see
> ht. files, I would get an internal server error when I went to the
> private dir, instead of a login box popping up. This error would report
> that I had no access to view the files.
What EXACTLY does the error log say?
>
> So I turned off the hiding of ht. files and moved right along.
>
> Here is a copy of my ht.access file:
>
> AuthUserFile C:\WWW\private\ht.passwd
> AuthName "The Secret Page"
> AuthType Basic
>
> <Limit GET POST>
> require valid-user
> </Limit>
Why do you have the <Limit GET POST> and </Limit> lines? Do you want to
ALLOW PUT, DELETE, etc?
>
> Second problem, I would open a browser and type localhost into the URL
> bar and I was taken to my AutoIndexing ServerRoot directory. But my
> private dir was not listed (Maybe a feature, I don't know.)
Yes, a feature. You don't want to disclose the existance of resources
to people who aren't allowed to see them.
> So I went
> ahead and type http://localhost/private in the URL bar and I received my
> login prompt. After filling in the correct username and password (I did
> NOT check the box to remember my password) I was taken to an IE error
> page reporting either a DNS error, or no server was at the URL I
> specified.
Do you have ServerName set correctly in httpd.conf?
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org