----- "Sacha Varma" <sa...@ssl.co.uk> wrote:

> Ok, thanks Brian.
> 
> For the log - after a bit of experimentation, the problem I have
> appears 
> to be that while you can password-protect a Location, Location 
> directives are applied after rewrites. So if you have:
> 
>      ScriptAlias /cgi-bin/ /some/where/cgi-bin/
> 
>      RewriteRule ^.*$ /cgi-bin/my-cms [QSA,PT,L]
> 
>      <Location /somepath>
>          AuthType Basic
>          ....
>      </Location>
> 
> Your Location will never match (because the Location is always 
> /cgi-bin/my-cms by the time Apache applies the Location to it).

The reason for this is actually [PT] -- the processing would never
even hit the ScriptAlias without it
http://httpd.apache.org/docs/trunk/rewrite/flags.html#flag_pt

Now, considering this, you can either apply your authentication to

<Directory /some/where/cgi-bin/login/>
   Authtype Basic
   ....
</Directory>

Or in:

<Location /cgi-bin/login/script.cgi>
   AuthType Basic
   ...
</Location>

i

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Reply via email to