config/239: Directory config inconsistent

Mon, 17 Mar 1997 19:50:13 -0800 (PST) 

        The contract type is `' with a response time of 3 business hours.
        A first analysis should be sent before: Tue Mar 18 11:00:00 PST 1997


>Number:         239
>Category:       config
>Synopsis:       Directory config inconsistent
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Mon Mar 17 19:50:00 1997
>Originator:     [EMAIL PROTECTED]
>Organization:
apache
>Release:        1.2b7
>Environment:
Linux 3.0.3, kernel 2.0.18, gcc 2.7.2

Netscape 3.0.1 Gold
>Description:
I have a number of directories I need to protect. 1 protection configuration 
works and the others do not.

The following configuration works as expected - only users with
password in .htpasswd file can access the directory.

# directory secured with .htaccess within directory                             
<Directory /home/httpd/html/prot>
        Options Indexes FollowSymlinks
        AllowOverride AuthConfig
        AuthUserFile /etc/httpd/conf/.htpasswd
        AuthGroupFile /etc/httpd/conf/.htgroup
        AuthName Password
        AuthType Basic
        require group all-the-users
        <Limit GET PUT POST>
                order deny,allow
                deny from all
                allow from twpo.com.au, defence.gov.au
        </Limit>
</Directory>

The following protection config does not work.

<Directory /home/httpd/html/SLF/weekly-files/pp>                       
        Options Indexes FollowSymlinks
        AllowOverride All
        AuthUserFile /etc/httpd/conf/.slf-man-pp
        AuthGroupFile /etc/httpd/conf/.slf-managers
        AuthName Password
        AuthType Basic
        require group all-the-managers
        <Limit GET PUT POST>
                order deny,allow
                deny from all
                allow from twpo.com.au, defence.gov.au
        </Limit>

</Directory>       

The only difference I can determine is that the second one is not in 
the root of the server - however a move to root does not fix it. 

The error log does not report anything, an incorrect passwd however is
reported. The user puts in passwd after user name and gets an 
"Authorisation Failed - Retry?" message.

I have tried just about all different configs, using Files, Location but
all fail.

Any help appreciated
>How-To-Repeat:
www.twpo.com.au/prot/times.html    - works OK
www.twpo.com.au/SLF/weekly-files/pp/p1_02pp.html  - fails

I will create a user apache, passwd apache

>Fix:
I wish I did!%2
>Audit-Trail:
>Unformatted:

Reply via email to