Chris Frederick wrote:
> Hi all,
>
> I was at the office today, and needed to get something from my email at
> home. So I launched my browser, pointed to my horde installation, and
> it let me in. I don't have any saved passwords, and to double check it,
> I ran IE and Firefox and both were let in without any problem.
>
> I've done a bit of testing on it, and it seems that the "Satisfy any"
> directive is not behaving, or it's picking up some "Allow from all" or
> something somewhere. I can't find it anywhere. If I un-comment the
> "Satisfy any" line, I can access the site from anywhere without a
> password. The log file shows that my IP isn't being NATed or anything
> to a local address, so the "allow from *" lines shouldn't be hitting it.
>
> Is there anything else I can check, or has something changed with apache
> recently?
>
> My horde installation is running on my apache server with SSL. My
> /etc/apache2/modules.d/41_mod_ssl.default-vhost.conf has these defined
> for the ssl site:
>
> <Directory /var/www/htsdocs>
>     Options -Indexes FollowSymLinks MultiViews
>     AllowOverride All
>     <IfModule mod_access.c>
>         Order deny,allow
>         Deny from all
>     </IfModule>
> </Directory>
>
> My /var/www/htsdocs/horde/.htaccess file lists this:
>
> <IfModule mod_ssl.c>
>     SSLRequireSSL
>     AuthName "Access Restricted"
>     AuthType Basic
>     AuthUserFile /var/www/mail_users
>
>     #satisfy any
>     order deny,allow
>     #allow from 192.168.1.0/255.255.255.0
>     #allow from 192.168.0.0/255.255.255.0
>     #allow from 127.0.0.1
>     require valid-user
> </IfModule>
> <IfModule !mod_ssl.c>
>     # no non-ssl access
>     order deny,allow
> </IfModule>
>
> And "emerge --pretend -v apache" shows:
>
> [ebuild   R   ] net-www/apache-2.0.55-r1  +apache2 -debug -doc -ldap
> -mpm-leader -mpm-peruser +mpm-prefork -mpm-threadpool -mpm-worker
> -no-suexec (-selinux) +ssl -static-modules +threads
>
> Thanks for any help with this,
> Chris Frederick
>

.htaccess has been disabled by default since the move to the new-style
configuration last year. Add an AllowOverride directive to the needed
<Directory> sections in the httpd.conf or related vhosts.d/*.conf.

http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride

--
Michael Stewart                                   [EMAIL PROTECTED]
Gentoo Developer                    http://dev.gentoo.org/~vericgar

GnuPG Key ID 0x08614788 available on http://pgp.mit.edu
--
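
Added example (not part of the original thread, and not Apache or Gentoo code): a small audit that reads server configuration text and reports which override classes a .htaccess in a given directory would need but not be granted, which is the condition described in the reply above. The function names and both sample configurations are constructed for illustration; only plain <Directory /path> sections are modelled (no wildcards, regex sections or Include), and the fallback of "All" is the documented Apache 2.0 default when no section sets AllowOverride.

```python
import re

# Override classes that the directives in the quoted .htaccess depend on.
NEEDED = {"AuthConfig": "AuthType/AuthName/AuthUserFile/Require",
          "Limit": "Order/Allow/Deny"}

def effective_override(conf_text, directory, default="All"):
    """AllowOverride tokens in effect for `directory` (most specific section wins)."""
    best_len, tokens, current = -1, default.split(), None
    target = directory.rstrip("/")
    for raw in conf_text.splitlines():
        line = raw.strip()
        m = re.match(r'<Directory\s+"?([^">]+?)"?\s*>$', line, re.I)
        if m:
            current = m.group(1).rstrip("/") or "/"
        elif re.match(r"</Directory>", line, re.I):
            current = None
        elif current and re.match(r"AllowOverride\s", line, re.I):
            prefix = "" if current == "/" else current
            inside = target == prefix or target.startswith(prefix + "/")
            if inside and len(prefix) >= best_len:
                best_len, tokens = len(prefix), line.split()[1:]
    return {t.lower() for t in tokens}

def ignored_classes(conf_text, directory):
    """Override classes the .htaccess needs but the server config does not grant."""
    eff = effective_override(conf_text, directory)
    if "all" in eff:
        return []
    return sorted(c for c in NEEDED if c.lower() not in eff)

# Constructed sample: overrides disabled globally, nothing re-enables them.
SAMPLE_BROKEN = """
<Directory />
    AllowOverride None
</Directory>
<Directory "/var/www/htsdocs">
    Options -Indexes FollowSymLinks
</Directory>
"""
# Constructed sample: same config plus a section granting what .htaccess needs.
SAMPLE_FIXED = SAMPLE_BROKEN + """
<Directory /var/www/htsdocs/horde>
    AllowOverride AuthConfig Limit
</Directory>
"""

if __name__ == "__main__":
    print(ignored_classes(SAMPLE_BROKEN, "/var/www/htsdocs/horde"))
```

A non-empty result means the authentication or host-access lines in that .htaccess are silently skipped, so the directory is served without them.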
