I have some NoAuth pages I'd like to use with htaccess/htpasswd-style Apache authentication but NoAuth pages served by Request Tracker don't seem to respect my settings in Apache's configuration.
Additionally, the pages themselves aren't requesting a username and password which I'd really like for a few of the NoAuth pages. This allows us to give people different summary views of ticket data through our own templates to present RequestTracker tickets to internal groups. So that doesn't work and neither do protections that Apache applies to those files, letting remote users request the .htpasswd and .htaccess files off the filesystem in spite of my configuration in Apache. For example, I have the following in my httpd.conf: <Files ~ "^\.ht"> Order allow,deny Deny from all </Files> So I imagine this means RT's fastcgi instance is taking over and these requests aren't actually going to Apache, but I do see them in Apache's log: [20/Mar/2010:22:14:25 -0500] 128.255.76.130 TLSv1 DHE-RSA-AES256-SHA "GET /NoAuth/helpdesk/.htaccess HTTP/1.1" 15 [20/Mar/2010:22:35:52 -0500] 128.255.76.130 TLSv1 DHE-RSA-AES256-SHA "GET /NoAuth/helpdesk/.htaccess HTTP/1.1" 15 Any ideas on what is happening? I have no occurrence of AllowOverride None in my httpd.conf. _______________________________________________ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com 2010 RT Training Sessions! San Francisco, CA, USA - Feb 22 & 23 Dublin, Ireland - Mar 15 & 16 Boston, MA, USA - April 5 & 6 Washington DC, USA - Oct 25 & 26 Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com