access.conf alternative to .htaccess

access.conf alternative to .htaccess

Post by Stunt Po » Sat, 06 Sep 1997 04:00:00



I would like to password protect a directory *without* using an .htaccess
file in it on apache 1.2.1. The reason being I have a client who tends
to gratuitously delete things.

I could have sworn I did this once before, a long time ago, prolly when
I was using an NCSA 1.3-ish server, but i thought it still worked after
switching to apache. (I can't look at the old config `cause the box it ran
on is now technorubble)

I'm trying this in access.conf to no avail:

# You may place any other directories or locations you wish to have
# access information for after this one.

<Directory /ClientAccess/x>
AuthName  x Client Access
AuthType Basic
AuthUserFile /path/to/their/passwd/htpasswd
AuthGroupFile /dev/null

        <Limit GET POST PUT>
        order deny,allow
        deny from all
        require user x
        </Limit>
</Directory>

I'm also looking at various web docs, but they all seem to utilize the
.htaccess convention.

my news server is wonky, please cc anything via email, thx

regards, markjr

--
Mark Jeftovic (aka: Mark Jeff or Vic, Stunt Pope)
BOFH, Private World Communications www.privateworld.com

irc: L-bOMb motto: Keep `em Guessing

 
 
 

access.conf alternative to .htaccess

Post by Marc Slemk » Sat, 06 Sep 1997 04:00:00


[posted and mailed]


Quote:>I would like to password protect a directory *without* using an .htaccess
>file in it on apache 1.2.1. The reason being I have a client who tends
>to gratuitously delete things.
>I could have sworn I did this once before, a long time ago, prolly when
>I was using an NCSA 1.3-ish server, but i thought it still worked after
>switching to apache. (I can't look at the old config `cause the box it ran
>on is now technorubble)
>I'm trying this in access.conf to no avail:

Sure, no problem.  Directives work fine in the main config files.

Are you sure you are restarting Apache after changing the config file?

Does anything show up in the error log?

Quote:># You may place any other directories or locations you wish to have
># access information for after this one.
><Directory /ClientAccess/x>

Is that the real path?  You need to be sure that the path is the one
pointed to in the Apache configs; if there is a symlink or two involved,
you could have the wrong path.

Try accessing a URL inside the protected directory, but with a file
that doesn't exist.  eg. if you want to protect http://site/foo/ then
try accessing http://site/foo/adflkjlkqj.  Note what the path in
the error log is.  That is the path you need in your Directory container.

Or you can use a Location container to specify the HTTP path.

Quote:>AuthName  x Client Access
>AuthType Basic
>AuthUserFile /path/to/their/passwd/htpasswd

Be sure this is readable by the user the server runs as.

Quote:>AuthGroupFile /dev/null
>        <Limit GET POST PUT>

I have NO idea where people get the idea that they need a Limit
statement, but unless you mean to only limit GET POST and PUT, just
leave the limit statement out.

Quote:>        order deny,allow
>        deny from all
>        require user x

This will deny all accesses; unless you have a "satisfy any" somewhere,
it requires that both the host and the user authentication are met.  The
host authe will never be met.
Quote:>        </Limit>
></Directory>
>I'm also looking at various web docs, but they all seem to utilize the
>.htaccess convention.


 
 
 

access.conf alternative to .htaccess

Post by Stunt Po » Tue, 09 Sep 1997 04:00:00



>[posted and mailed]


>><Directory /ClientAccess/x>

>Is that the real path?  You need to be sure that the path is the one
>pointed to in the Apache configs; if there is a symlink or two involved,
>you could have the wrong path.

>Try accessing a URL inside the protected directory, but with a file
>that doesn't exist.  eg. if you want to protect http://site/foo/ then
>try accessing http://site/foo/adflkjlkqj.  Note what the path in
>the error log is.  That is the path you need in your Directory container.

This did the trick. I wasn't specifying an absolute pathname, but the
path relative to DocumentRoot, but had a leading slash. (I'm so
embarassed). Now I'm using absolute path.

Quote:>Or you can use a Location container to specify the HTTP path.

You mean along the lines of:
<Location http://www.myserver.com/mypath>      ?
</Location>

Quote:>>        <Limit GET POST PUT>

>I have NO idea where people get the idea that they need a Limit
>statement, but unless you mean to only limit GET POST and PUT, just
>leave the limit statement out.

I didn't know this. I guess all the examples you see out there (the
tutorials at NCSA, etc.) more often than not include the <Limit> tags
and directives.

regards, markjr

--
Mark Jeftovic (aka: Mark Jeff or Vic, Stunt Pope)
BOFH, Private World Communications www.privateworld.com

irc: L-bOMb motto: Keep `em Guessing

 
 
 

access.conf alternative to .htaccess

Post by Marc Slemk » Tue, 09 Sep 1997 04:00:00




>>Or you can use a Location container to specify the HTTP path.

>You mean along the lines of:
><Location http://www.myserver.com/mypath>  ?
></Location>

No.  Something like:

        Location /mypath

Then no matter what directory it is in on your fs, the restriction
will apply if the "web path" starts with /mypath/.

See the docs for full details.