On Wed, 16 Apr 1997, Rob Cash wrote: [...] > >Description: > When I try to access an HTML document (either through a link or by typing > in the URL myself) that is located in a 'private' directory (protected by > a .htaccess file), I am asked for a password (as is expected). I click > cancel and am denied access. However if I access some CGI script in that > directory through a form, I am allowed access. [...]
> <form action=private/test.cgi method=post> [...] > Here's the .htaccess file: > AuthType Basic > AuthName SLAP Utility Private Area > AuthUserFile .htpasswd > <Limit GET PUT> > require valid-user > </Limit> You are telling it to limit GET and PUT. Then you are doing a POST. If you want to limit POST, you need to tell it to. You should also be able to just leave the <Limit> and </Limit> bit out and have it apply to all methods.
