Date: Tue, 28 Oct 2003 06:58:10 -0600 From: "Charles Howse" <chowse@charter.net> To: <questions@FreeBSD.org> Subject: User authentication not working in Apache2 Message-ID: <000901c39d53$23e5e060$04fea8c0@moe>
next in thread | raw e-mail | index | archive | help
Hi,
I'd like to restrict access to 1 of several cgi scripts on my website to
authorized users only.
Problem is, after configuring httpd.conf, .htaccess, .passwd, anyone can
still run the script.
I created the .passwd file with htpasswd -c myfilename myusername.
Of course, I restarted apache after all changes to httpd.conf with
apachectl restart. No errors.
I've poured over the Apache documentation on their website, and Googled
all day yesterday, no joy.
The error log shows *nothing* related to execution of this script. The
access log shows nothing other than the GET line for this script.
Any help would be appreciated.
Here are some relevant sections from httpd.conf (I'll post the entire
38k file if allowed.)
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a
DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are
used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
LoadModule access_module libexec/apache2/mod_access.so
LoadModule auth_module libexec/apache2/mod_auth.so
[snip]
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/usr/local/www/data"
#
# Each directory to which Apache has access can be configured with
respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).=20
#
# First, we configure the "default" to be a very restrictive set of=20
# features. =20
#
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /usr/local/www/cgi-bin>
AllowOverride AuthConfig
</Directory>
Here is the .htaccess file which resides in /usr/local/www/cgi-bin:
<Files "myscript.cgi">
Options ExecCGI
AuthType Basic
AuthName "Password Required"
AuthUserFile /usr/local/www/.passwd # Not the best location for this
file, I know.
Require valid-user
</Files>
Thanks,
Charles
Got a computer with idle CPU time?
Join SETI@home and help make history!
http://setiathome.ssl.berkeley.edu/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000901c39d53$23e5e060$04fea8c0>