You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by "Wagner, Aaron" <aa...@bankofamerica.com> on 2004/06/08 17:32:47 UTC

[users@httpd] Apache security help

Server Version: Apache/2.0.43 (Win32) PHP/4.3.0 
Server Built: Dec 25 2002 18:12:51 

###document root in httpd.conf#############
<Directory "D:/APPS/Apache2Web/esysProd">
	Options -Indexes FollowSymLinks +ExecCGI	
	AllowOverride All	
	Require valid-user
</Directory>
############################

I have the document root set to Require valid-user and I have a directory below root that I need to allow all without password.  I tried to add a .htaccess file but it still asks for a password when they go directly to the link.
http://esystems.bank.com/Tools/_MgmtTurnover/DCSMgrRowLog_Curr_and_Open.php

Directory - D:/APPS/Apache2Web/esysProd/tools/_MgmtTurnover


### .htaccess in _MgmtTurnover #############

AuthName "eSys_Website - use 'guest' and 'password' for guest access"
AuthType Basic
AuthDBMGroupFile d:\security\esystest
AuthDBMUserFile d:\security\esystest
allow from all

####################

Any help is appreciated

Aaron N Wagner


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Apache security help

Posted by Joshua Slive <jo...@slive.ca>.

On Tue, 8 Jun 2004, Wagner, Aaron wrote:
> I have the document root set to Require valid-user and I have a 
> directory below root that I need to allow all without password.  I tried 
> to add a .htaccess file but it still asks for a password when they go 
> directly to the link.

Use
Satisfy Any
Allow from all

But be careful, because this will also defeat any host-based access 
restrictions.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org