DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13218>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13218 LimitExcept Breaks Authentication Summary: LimitExcept Breaks Authentication Product: Apache httpd-2.0 Version: HEAD Platform: Other OS/Version: Windows XP Status: NEW Severity: Major Priority: Other Component: Other Modules AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] If you have a LimitExcept directive controlling access to a directory, and set up basic authentication for that directory, the authentication fails. Apache just lets you in without requiring authentication. Example: <Location /> <LimitExcept GET HEAD POST> Require user bob </LimitExcept> </Location> ... <Alias /secret "D:/Web/www/protected"> <Directory "D:/Web/www/protected"> AuthType Basic AuthUserFile "D:/Web/htpasswd" AuthName "Protected Area" Require valid-user </Directory> With this config, pointing your browser to /secret just lets you right in with no prompt for password or anything. Removing the LimitExcept directive causes the authentication to work as expected. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
