Discussion:
.htaccess doesn't work in subdir of cgi-bin?
(too old to reply)
Mattes Herrlich
2004-11-30 21:28:16 UTC
Permalink
Hello all,

I try to protect the cgi-bin directory which includes my file
viewcvs.cgi . It's in a subfolder cgi-bin/viewcvs/
I'd like to use a .htaccess file but this doesn't seem to work there:

the .htaccess file:

AuthType Basic
AuthName "ViewCVS"
AuthUserFile /usr/lib/cgi-bin/viewcvs/.htpasswd
require valid-user

and in the httpd.conf I just manipulated the entry
AllowOverride None to ... AuthConfig
should work, or not?:

<Directory /usr/lib/cgi-bin/>
AllowOverride AuthConfig
Options ExecCGI
Order allow,deny
Allow from all
</Directory>


But it doesn't work... just no kind of password request. It also doesn't
help to write <Directory /usr/lib/cgi-bin/viewcvs/>.
Same .htaccess works in a user public_html directory!
Server is Apache 1.3.26 on debian.
Any ideas?
Thanks a lot!
cheers

Mattes
Davide Bianchi
2004-12-01 05:44:53 UTC
Permalink
Post by Mattes Herrlich
I try to protect the cgi-bin directory which includes my file
viewcvs.cgi . It's in a subfolder cgi-bin/viewcvs/
Usually the cgi-dir directory uses the ScriptAlias directive, that
include something like AllowOverride None that (in turn) disable the
use of .htaccess file.

You have two way: enable htacces by AllowOverride Auth or put your
authentication options directly in httpd.conf

Davide
--
The day Micro$lop makes something that doesn't suck is probably the
day they start making vacuum cleaners.
--Ernst Jan Plugge
Mattes Herrlich
2004-12-01 07:54:18 UTC
Permalink
Hello Davide,
Post by Davide Bianchi
Usually the cgi-dir directory uses the ScriptAlias directive, that
include something like AllowOverride None that (in turn) disable the
use of .htaccess file.
You have two way: enable htacces by AllowOverride Auth or put your
authentication options directly in httpd.conf
Yes, but didn't I do that by writing this into the httpd.conf?:

<Directory /usr/lib/cgi-bin/>
AllowOverride AuthConfig
Options ExecCGI
Order allow,deny
Allow from all
</Directory>

Because of "AllowOverride AuthConfig", the use of .htaccess should work
for all files in /usr/lib/cgi-bin/ and its subdirectories, or am I wrong
here?
Unfortunately it doesn't work..
cheers,

Mattes
Mattes Herrlich
2004-12-01 07:58:59 UTC
Permalink
Oh my dear!
It works now, sorry for asking!

It seems I forgot to restart the browser (yes, the browser, I already
restarted apache) after having accessed the page without .htaccess
previously. ;)
cheers

Mattes
Davide Bianchi
2004-12-01 08:06:34 UTC
Permalink
Post by Mattes Herrlich
<Directory /usr/lib/cgi-bin/>
AllowOverride AuthConfig
Options ExecCGI
Order allow,deny
Allow from all
</Directory>
Well, yes. I tried the same with Apache 1.3.31 and it worked, only
differences: I used "AllowOverride All" and "Options +ExecCGI".
Maybe is a problem in the different version of Apache.

You can try using those directives, then adding the Auth* directives
directly in the httpd.conf. Other than that, maybe upgrade is an
option.

Davide
--
Sysadmins don't go to hell; we're already doing our time in purgatory.
--Peter deFriesse
Loading...