This is driving me nuts. No matter what I do, what changes I make in
httpd.conf, how I make .htaccess, I can't get directory security to
work.

I have folder:
/var/www/html/msa

In it I have the file .htaccess which contains:

AuthUserFile /var/www/html/msa/htpasswd
AuthName "Enter Password"
require valid-user
AuthType Basic
Satisfy any

To create the htpasswd file, from the command prompt in the folder I
did:

$ htpasswd -c ./htpasswd username

I put the password in twice as prompted.

I Web browse to that dir, and I don't get challenged for a password.

In my httpd.conf, I have these lines: (with some stuff in between each
section, but they are in this order)

<Directory />
Options FollowSymLinks
#AllowOverride AuthConfig
AllowOverride None
</Directory>
<Directory "/var/www/html">
Options Indexes FollowSymLinks
#AllowOverride None <--If I use this line, I can't access ANY
folder
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>

AccessFileName .htaccess

<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</Files>


I can't find any other sections that might be related.
At this point, I can't even remember all the different ways I've tried
editing these lines. And only two results will occur: No change and I
can access the directory in question unchallenged, or I'm not allowed
to access ANY folder.

Any suggestions what in the world I'm doing wrong?

Thanks!
Liam

In comp.os.linux.misc news@celticbear.com wrote:
> Any suggestions what in the world I'm doing wrong?

Whaever your logs say you are doing wrong. What do they say? And what
does a debug trace on your server tell you?

If you don't want to do log or trace debugging, you could always do
binary section debugging against a working config!

Peter

In comp.os.linux.misc news@celticbear.com wrote:
> Any suggestions what in the world I'm doing wrong?

Whaever your logs say you are doing wrong. What do they say? And what
does a debug trace on your server tell you?

If you don't want to do log or trace debugging, you could always do
binary section debugging against a working config!

Peter

On 25 Feb 2005 13:00:54 -0800, news@celticbear.com <news@celticbear.com> wrote:
> This is driving me nuts. No matter what I do, what changes I make in
> httpd.conf, how I make .htaccess, I can't get directory security to
> work.
>
> I have folder:
> /var/www/html/msa
>
> In it I have the file .htaccess which contains:
>
> AuthUserFile /var/www/html/msa/htpasswd
> AuthName "Enter Password"
> require valid-user
> AuthType Basic
> Satisfy any

Read apache docs for Satisfy. By "any", you already meet the "Allow from
all" in Directory section, therefore, the Auth is not required. You
likely want to change or delete that Satisfy line.

On 25 Feb 2005 13:00:54 -0800, news@celticbear.com <news@celticbear.com> wrote:
> This is driving me nuts. No matter what I do, what changes I make in
> httpd.conf, how I make .htaccess, I can't get directory security to
> work.
>
> I have folder:
> /var/www/html/msa
>
> In it I have the file .htaccess which contains:
>
> AuthUserFile /var/www/html/msa/htpasswd
> AuthName "Enter Password"
> require valid-user
> AuthType Basic
> Satisfy any

Read apache docs for Satisfy. By "any", you already meet the "Allow from
all" in Directory section, therefore, the Auth is not required. You
likely want to change or delete that Satisfy line.

David Efflandt wrote:
> On 25 Feb 2005 13:00:54 -0800, news@celticbear.com
<news@celticbear.com> wrote:
> > This is driving me nuts. No matter what I do, what changes I make
in
> > httpd.conf, how I make .htaccess, I can't get directory security to
> > work.
> >
> > I have folder:
> > /var/www/html/msa
> >
> > In it I have the file .htaccess which contains:
> >
> > AuthUserFile /var/www/html/msa/htpasswd
> > AuthName "Enter Password"
> > require valid-user
> > AuthType Basic
> > Satisfy any
>
> Read apache docs for Satisfy. By "any", you already meet the "Allow
from
> all" in Directory section, therefore, the Auth is not required. You
> likely want to change or delete that Satisfy line.

OK, I read that, makes sense. So I changed Satisfy any to Satisfy all,
as it sounds like that requires all people to have to validate...but it
still let me in.
So then I added deny from all, no change.
Then deleted the Satify line altogether, no change.
I still think it has something to do with httpd.conf, but I can figure
out what.

Thanks for replying!
Liam

David Efflandt wrote:
> On 25 Feb 2005 13:00:54 -0800, news@celticbear.com
<news@celticbear.com> wrote:
> > This is driving me nuts. No matter what I do, what changes I make
in
> > httpd.conf, how I make .htaccess, I can't get directory security to
> > work.
> >
> > I have folder:
> > /var/www/html/msa
> >
> > In it I have the file .htaccess which contains:
> >
> > AuthUserFile /var/www/html/msa/htpasswd
> > AuthName "Enter Password"
> > require valid-user
> > AuthType Basic
> > Satisfy any
>
> Read apache docs for Satisfy. By "any", you already meet the "Allow
from
> all" in Directory section, therefore, the Auth is not required. You
> likely want to change or delete that Satisfy line.

OK, I read that, makes sense. So I changed Satisfy any to Satisfy all,
as it sounds like that requires all people to have to validate...but it
still let me in.
So then I added deny from all, no change.
Then deleted the Satify line altogether, no change.
I still think it has something to do with httpd.conf, but I can figure
out what.

Thanks for replying!
Liam

news@celticbear.com wrote:
no change.
no change.

Ask your system administrator to enable htaccess processing for you.

If you are your own admin, just dump htaccess. It's very inefficient,
as well as unnecessarily complex.

--
Nick Kew