Hi all, I have been trying to get a simple AAA config to work in httpd v2.0, and the understanding that I get from reading the docs doesn't result in a working config.
Basically I have a password protected URL space /, and a more specific differently protected URL space /bugzilla. No matter what config I try, it seems that the config for / always wins, and the config for /bugzilla is always ignored. The config looks like this: # deny everybody to see if it's having an effect <Location /bugzilla> Order allow,deny Deny from all </Location> # aaa for / <Location /> AuthName "Username" AuthType Basic ...basic auth stuff... </Location> Couple of things that happen: - /bugzilla triggers the / config, and I am asked for a username and password as per /. I expected it to say "forbidden". - "AuthName Username" has no effect - the browser (FF) chooses a default realm which seems to be "Authorised Access Only", instead of "Username". - The docs for Location claim that Location directives are processed in config file order, but it doesn't explicitly state whether the first matched URL wins, or the last URL matched wins. - According to the docs, both AuthType and AuthName can only appear in Directory or .htaccess, but not Location. I cannot see any reason why basic auth should only work for physical files on the filesystem. Either way, using it in a Location tag does not throw any error. Can anyone clarify how this is supposed to work, so I can update the documentation? Regards, Graham --
