Received: (qmail 25988 invoked by uid 2012); 17 Aug 1999 22:31:56 -0000 Message-Id: <19990817223156.25987.qmail@hyperreal.org> Date: 17 Aug 1999 22:31:56 -0000 From: David Alexander Reply-To: taz@lagmonster.org To: apbugs@hyperreal.org Subject: Intermittant operation of .htaccess X-Send-Pr-Version: 3.2 >Number: 4871 >Category: mod_auth-any >Synopsis: Intermittant operation of .htaccess >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: closed >Quarter: >Keywords: >Date-Required: >Class: support >Submitter-Id: apache >Arrival-Date: Tue Aug 17 15:40:00 PDT 1999 >Closed-Date: Wed May 03 12:56:51 PDT 2000 >Last-Modified: Wed May 03 12:56:51 PDT 2000 >Originator: taz@lagmonster.org >Release: 1.3.6 >Organization: >Environment: FreeBSD zone.lagmonster.org 3.2-RELEASE FreeBSD 3.2-RELEASE #0: Tue May 18 04:05 :08 GMT 1999 jkh@cathair:/usr/src/sys/compile/GENERIC i386 >Description: When a valid .htaccess file is placed in a directory with intended protection, the server still serves the pages. Example .htaccess file: Authtype Basic AuthName "Ta see it sign in" AuthUserFile /usr/pass/redpasswd require valid-user The /usr/pass/redpasswd is in place and configured with htpasswd. >How-To-Repeat: Try http://www.lagmonster.org/~sam/ and all of the subdirectories under this site SHOULD require this authentication. If it prompts for you, use name: apache password: test >Fix: >Release-Note: >Audit-Trail: State-Changed-From-To: open-closed State-Changed-By: coar State-Changed-When: Wed May 3 12:56:50 PDT 2000 State-Changed-Why: Remove the and directives. If this directory is within the scope of a Satisfy Any directive, add Satisfy All to the .htaccess file. And upgrade to a current version of Apache; 1.3.6 is quite old and had several auth-related bugs in it. >Unformatted: [In order for any reply to be added to the PR database, you need] [to include in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]