[ale] .htaccess

Alex LeDonne aledonne.listmail at gmail.com
Wed Jan 9 17:59:28 EST 2008


On Jan 9, 2008 5:53 PM, Christopher Fowler <cfowler at outpostsentinel.com> wrote:
> Now that I've been playing around with Apache on our support server I'm
> wanting to close some directories via .htaccess.
>
> I've done the following
>
> 1.  Added .htaccess to ~user/directory_to_hide/.htaccess
>
> AuthUserFile .htpasswd
> AuthGroupFile /dev/null
> AuthName "Books"
>
> AuthType Basic
>
> <Limit GET>
> order deny,allow
> require valid-user
> </Limit>
>
> 2.  I've created ~user/directory_to_hide/.htpasswd
> user:password
>
>
> The problem I have is that Apache seems to ignore this file
>
> Do I need to modify the conf file to tell Apache to respect these?
>
> Chris
>

Two things:
1/ For security, don't put your .htpasswd in a web-accessible
directory; put it somewhere else on the filesystem.
2/ According to
http://httpd.apache.org/docs/2.0/mod/mod_auth.html#authuserfile
"File-path is the path to the user file. If it is not absolute (i.e.,
if it doesn't begin with a slash), it is treated as relative to the
ServerRoot." - not relative to the location of the .htaccess file.
(Same deal in Apache 1.3.)

-A



More information about the Ale mailing list