>Number: 3048 >Category: general >Synopsis: No autorization with .htaccess >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Tue Sep 22 23:50:00 PDT 1998 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3.1 >Environment: Windows NT 4.0 Server >Description: Hi,
on our WinNT system runs an apache web server. If I use a .htaccess file and a htpasswd file the server says always I am unauthorized. I am sure that I loged in with the correct password. The error.log file has the following entry: [Tue Sep 22 16:18:07 1998] [error] user gast: password mismatch: /elabbin/elabnt .pl What can I do? Thanks, Dirk >How-To-Repeat: Here is the access.conf file # access.conf: Global access configuration # Online docs at http://www.apache.org/ # This file defines server settings which affect which types of services # are allowed, and in what circumstances. # Each directory to which Apache has access, can be configured with respect # to which services and features are allowed and/or disabled in that # directory (and its subdirectories). # Note: Where filenames are specified, you must use forward slashes # instead of backslashes. e.g. "c:/apache" instead of "c:\apache". If # the drive letter is ommited, the drive where Apache.exe is located # will be assumed # Originally by Rob McCool # First, we configure the "default" to be a very restrictive set of # permissions. # XXXX disabled because it is currently broken on Win32 #<Directory /> #Options FollowSymLinks #AllowOverride None #</Directory> # Note that from this point forward you must specifically allow # particular features to be enabled - so if something's not working as # you might expect, make sure that you have specifically enabled it # below. # This should be changed to whatever you set DocumentRoot to. <Directory "d:/elab/apache/server"> # This may also be "None", "All", or any combination of "Indexes", # "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews". # Note that "MultiViews" must be named *explicitly* --- "Options All" # doesn't give it to you. Options Indexes FollowSymLinks # This controls which options the .htaccess files in directories can # override. Can also be "All", or any combination of "Options", "FileInfo", # "AuthConfig", and "Limit" AllowOverride All # Controls who can get stuff from this server. order allow,deny allow from all </Directory> # d:/elab/apache/cgi-bin should be changed to whatever your ScriptAliased # CGI directory exists, if you have that configured. <Directory "d:/elab/apache/server/elabbin"> Options ExecCGI </Directory> # Allow server status reports, with the URL of http://servername/server-status # Change the ".your_domain.com" to match your domain to enable. #<Location /server-status> #SetHandler server-status #order deny,allow #deny from all #allow from .hmi.de #</Location> # There have been reports of people trying to abuse an old bug from pre-1.1 # days. This bug involved a CGI script distributed as a part of Apache. # By uncommenting these lines you can redirect these attacks to a logging # script on phf.apache.org. Or, you can record them yourself, using the script # support/phf_abuse_log.cgi. #<Location /cgi-bin/phf*> #deny from all #ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi #</Location> # You may place any other directories or locations you wish to have # access information for after this one. The .htaccess file: AuthName "PUBLIC-Elektronisches Laborbuch" AuthType Basic AuthUserFile "d:/elab/apache/server/elabbin/htpasswd" require user test require user gast require user dirk The htpasswd file (password for gest is test): gast:RxvCRMqtdryys dirk:RxVixYwYOqHEY test:RxrOFkw0zRndU >Fix: >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ]
