I have some NoAuth pages I'd like to use with htaccess/htpasswd-style
Apache authentication but NoAuth pages served by Request Tracker don't
seem to respect my settings in Apache's configuration.
Additionally, the pages themselves aren't requesting a username and
password which I'd really like for a few of the NoAuth pages. This
allows us to give people different summary views of ticket data
through our own templates to present RequestTracker tickets to
internal groups. So that doesn't work and neither do protections that
Apache applies to those files, letting remote users request the
.htpasswd and .htaccess files off the filesystem in spite of my
configuration in Apache.
For example, I have the following in my httpd.conf:
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
So I imagine this means RT's fastcgi instance is taking over and these
requests aren't actually going to Apache, but I do see them in
Apache's log:
[20/Mar/2010:22:14:25 -0500] 128.255.76.130 TLSv1 DHE-RSA-AES256-SHA
"GET /NoAuth/helpdesk/.htaccess HTTP/1.1" 15
[20/Mar/2010:22:35:52 -0500] 128.255.76.130 TLSv1 DHE-RSA-AES256-SHA
"GET /NoAuth/helpdesk/.htaccess HTTP/1.1" 15
Any ideas on what is happening? I have no occurrence of AllowOverride
None in my httpd.conf.
_______________________________________________
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
Community help: http://wiki.bestpractical.com
Commercial support: sa...@bestpractical.com
2010 RT Training Sessions!
San Francisco, CA, USA - Feb 22 & 23
Dublin, Ireland - Mar 15 & 16
Boston, MA, USA - April 5 & 6
Washington DC, USA - Oct 25 & 26
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
