yup, thats fair enough, I use a very "custom" file name and I don't allow indexing..., so I don't really think I have to much to worry about.. but yes, this is true, the user file really shouldn't be in the html area... rgds Frank -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Michael D. Viron Sent: Sunday, 16 September 2001 10:08 PM To: [EMAIL PROTECTED] Subject: RE: [newbie] apache question .htaccess file and httpd.conf settings relating to it. At 05:03 PM 09/16/2001 +0800, Franki wrote: >also, do you have the paths to the document root set correctly in >httpd.conf? > >if you are trying to serve pages from the servers root directory, it will >give that result... > >if its not set to serve root... > >take a look in /etc/httpd/conf/httpd.conf > >look in the directory listings... > >ie <Directory............ > >inside them (particularly your html directory), you should have a line like >this: >AllowOverride AuthConfig Limit Options > >That will allow your web server to accept htaccess files... > >in your .htaccess file, (which goes in the web diectory you want to protect) > >you should have something like this: > >Options All >AuthType "Basic" >AuthName "Protected Access" >AuthUserFile /var/www/html/somedirectory/somefile.access ><Limit GET> >require valid_user ></Limit> Actually, the user file should be somewhere above the html root directory--otherwise a direct request could be made for it if someone knows what the filename is, and therefore would then be able to get a list of "valid" users. Michael -- Michael Viron Registered Linux User #81978 Senior Systems & Administration Consultant Web Spinners, University of West Florida
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
