>Number: 401 >Category: config >Synopsis: htpasswd error / misconfiguration error >Confidential: no >Severity: serious >Priority: medium >Responsible: apache (Apache HTTP Project) >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Wed Apr 16 01:50:01 1997 >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.1.3 >Environment: Debian Linux 2.0.27 on a 200 MHz hp Vectra >Description: Hi we tried to establish a password protected access in one subtree of our www pages. The apache is installed by dinstall and running well, so we wanted to add the password protection. 1. I modified access.conf 2. I inserted .htaccess in my own homepage (for using it while experimenting) 3. I created a .htpasswd by using htpasswd 4. I sent a SIGUP to the apache process 5. I tried to access my homepage and got an error message.
Here is a protocol of the actions we did: Part of our access.conf in /etc/apache: # access.conf: Global access configuration # Online docs at http://www.apache.org/ # This file defines server settings which affect which types of services # are allowed, and in what circumstances. # Each directory to which Apache has access, can be configured with respect # to which services and features are allowed and/or disabled in that # directory (and its subdirectories). # Originally by Rob McCool # This should be changed to whatever you set DocumentRoot to. ##<Directory /var/web/webspace> <Directory /home/www-data/webspace> .... # Controls who can get stuff from this server. order allow,deny allow from all </Directory> <Directory /home/www-data/webspace/staff> Options None AllowOverride All <Limit GET> #order deny,allow #deny from all #allow from .informatik.uni-stuttgart.de #allow from 129.69.183 #allow from 129.69.212 allow from all </Limit> </Directory> # ps axu | grep apach root 386 0.0 2.1 1132 648 ? S Apr 11 0:00 /usr/sbin/apache root 14488 0.0 0.0 96 8 p5 R 09:44 0:00 grep apach www-data 13359 0.0 2.3 1132 712 ? S 06:42 0:00 /usr/sbin/apache www-data 13360 0.0 2.3 1132 704 ? S 06:42 0:00 /usr/sbin/apache www-data 13361 0.0 2.3 1132 712 ? S 06:42 0:00 /usr/sbin/apache www-data 13362 0.0 2.3 1132 704 ? S 06:42 0:00 /usr/sbin/apache www-data 13363 0.0 2.3 1132 704 ? S 06:42 0:00 /usr/sbin/apache www-data 14283 0.0 2.1 1132 648 ? S 09:15 0:00 /usr/sbin/apache www-data 14285 0.0 2.1 1132 648 ? S 09:15 0:00 /usr/sbin/apache www-data 14286 0.0 2.1 1132 648 ? S 09:15 0:00 /usr/sbin/apache www-data 14287 0.0 2.1 1132 644 ? S 09:15 0:00 /usr/sbin/apache # kill -SIGHUP 386 # # cd /home/www-data/webspace/staff # more .htpasswd sommer96:z/vPpL2KH.sJc # pwd /home/www-data/webspace/staff/krause # more .htaccess AuthUserFile /home/www-data/webspace/staff/.htpasswd AuthGroupFile /dev/null AuthName ByPassword AuthType Basic <Limit GET> require user winter96 </Limit> # Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. >How-To-Repeat: try to access http://www.ra.informatik.uni-stuttgart.de/staff/staff.html and then access Klemens Krause >Fix: There is probably something wrong or missing in a configuration file. BTW: our /home/www-data/webspace is mounted from another computer >Audit-Trail: >Unformatted:
