>Number: 903 >Category: mod_access >Synopsis: .htaccess files in subdirectories ignored >Confidential: no >Severity: serious >Priority: medium >Responsible: apache (Apache HTTP Project) >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Wed Jul 23 12:10:01 1997 >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.2.0 >Environment: IRIX64 6.4 02121744 IP27 >Description: When a .htaccess file appears in the root of a directory tree, all .htaccess files within subdirectories of that tree appear to be ignored.
We have our system set up by default (in access.conf) to place authentication on specific directories and allow for the developers to change them with .htacces files as they wish >How-To-Repeat: In the access.conf, put authenticaion on a directory... ie <DIRECTORY /path/to/directory> AuthName Whatever AuthType Basic AuthUserFile /path/to/passwd/file require valid-user AllowOverride All </DIRECTORY> Then, in the directory specified above, create a .htaccess file with: allow from all satisy any now place a .htaccess file within a subdirectory of that one, that contains AuthName Protected Area AuthType Basic AuthUserFile /path/to/user/file/.htpasswd require valid-user When you go to the protected directory, it will be open with no authentication needed. >Fix: >Audit-Trail: >Unformatted:
