On Tuesday 09 March 2010 15:50:11 Laurent Kappler wrote: > Mick a écrit : > > On Monday 08 March 2010 19:48:12 Laurent Kappler wrote: > >> Hi > >> > >> I'm using htpasswd to write the user password form my htaccess. > >> > >> It works only if I put "require valid-user" not if I put "require > >> specificuser" > >> > >> any idea? > > > > Have you tried: > > > > AuthType Basic (or Digest) > > AuthUserFile /usr/local/apache/passwd/htpasswords > > Require user specificuser > > > > Make sure that the path to the htpasswords file is outside your webroot - > > you don't want visitors to be able to access it! > > I check the log file here is the line: > 77.54.124.11 - specificuser [09/Mar/2010:16:46:35 +0100] "GET /admin > HTTP/1.1" 401 472 > > it does not auth. > My .htaccess: > > AuthUserFile /so/secret/path/.htpasswd > AuthGroupFile /dev/null > AuthName "Shoot the password" > AuthType Basic > <Limit GET POST> > require specificuser > </limit> > > <FilesMatch "^([_a-z0-9A-Z])+$"> > RewriteEngine On > RewriteRule (.*) /admin/index.n > </FilesMatch> > > so I shall avoir this <Limit> keyword...? Actually I don't get why just > specify that for GET and POST if someone arrive with a PUT does it mean > it will let it pass??
Well, as I said you need to add type "user" after "Require" and before the
name of the user, in your case specificuser:
Required user specificuser
Now, as the manual tells you the <Limit GET POST> means that the
authentication mechanism applies only for GET POST requests sent to the
server. It does not apply for any other type of requests. PUT, DELETE, COPY,
etc will be allowed to get through. Instead you may want to limit access on
part or all of the fs of your site; e.g.
<Location /htdocs/my_website>
Require user specificuser
</Location>
HTH.
--
Regards,
Mick
signature.asc
Description: This is a digitally signed message part.
