I'd like to restrict access to 1 of several cgi scripts on my website to
authorized users only.
Problem is, after configuring httpd.conf, .htaccess, .passwd, anyone can
still run the script.
I created the .passwd file with htpasswd -c myfilename myusername.
Of course, I restarted apache after all changes to httpd.conf with
apachectl restart.  No errors.
I've poured over the Apache documentation on their website, and Googled
all day yesterday, no joy.
The error log shows *nothing* related to execution of this script.  The
access log shows nothing other than the GET line for this script.
Any help would be appreciated.

Here are some relevant sections from httpd.conf (I'll post the entire
38k file if allowed.)

# Dynamic Shared Object (DSO) Support
# To be able to use the functionality of a module which was built as a
DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
# Example:
# LoadModule foo_module modules/mod_foo.so
LoadModule access_module libexec/apache2/mod_access.so
LoadModule auth_module libexec/apache2/mod_auth.so


# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
DocumentRoot "/usr/local/www/data"

# Each directory to which Apache has access can be configured with
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories). 
# First, we configure the "default" to be a very restrictive set of 
# features.  
<Directory />
    Options FollowSymLinks
    AllowOverride None
<Directory /usr/local/www/cgi-bin>
    AllowOverride AuthConfig

Here is the .htaccess file which resides in /usr/local/www/cgi-bin:

<Files "myscript.cgi">
Options ExecCGI
AuthType Basic
AuthName "Password Required"
AuthUserFile /usr/local/www/.passwd  # Not the best location for this
file, I know.
Require valid-user


Got a computer with idle CPU time?
Join [EMAIL PROTECTED] and help make history!

[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to