From apwww@hyperreal.org Mon Sep 8 20:31:24 1997 Received: (from apwww@localhost) by hyperreal.org (8.8.5/8.8.5) id UAA20969; Mon, 8 Sep 1997 20:31:24 -0700 (PDT) Message-Id: <199709090331.UAA20969@hyperreal.org> Date: Mon, 8 Sep 1997 20:31:24 -0700 (PDT) From: Alan Halachmi Reply-To: HalachA@MontgomeryBell.com To: apbugs@hyperreal.org Subject: The .htaccess file requires authorization for everyone even if from .montgomerybell.com. X-Send-Pr-Version: 3.2 >Number: 1104 >Category: config >Synopsis: The .htaccess file requires authorization for everyone even if from .montgomerybell.com. >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: closed >Class: support >Submitter-Id: apache >Arrival-Date: Mon Sep 8 20:40:02 1997 >Last-Modified: Fri Oct 31 20:52:41 PST 1997 >Originator: HalachA@MontgomeryBell.com >Organization: >Release: 1.2.1 >Environment: OS: Solaris 2.5 (x86) Compiled w/ GCC uname -a: SunOS Argus 5.5 Generic_103094-07 i86pc i386 i86pc >Description: I can't find anything wrong, but who knows? I tried to put the same information in a tag in the access.conf file, but got the same results. A dump of the .htaccess file follows: order allow,deny allow from .montgomerybell.com. deny from all AuthUserFile /export/home/www/Authorize/.htpasswd AuthGroupFile /export/home/www/Authorize/.htgroup AuthName MBA Student Access AuthType Basic require valid-user satisfy any require user admin require group development >How-To-Repeat: >Fix: >Audit-Trail: State-Changed-From-To: open-analyzed State-Changed-By: marc State-Changed-When: Mon Sep 8 20:44:08 PDT 1997 State-Changed-Why: First off, don't use "Limit GET POST" unless you really mean _ONLY_ limit GETs and POSTs. Leave the Limit container out entirely if you want to limit all methods. What does your logfile show for the requests that you think should be allowed by the allow from? If you are using NIS in a particular way or have your /etc/hosts file setup in a particular way Apache may never be seeing the domain name. Oh, if you have hostnamelookups off it will fail in 1.2 as well. The access log will give you a start on seeing why. State-Changed-From-To: analyzed-closed State-Changed-By: marc State-Changed-When: Fri Oct 31 20:52:40 PST 1997 State-Changed-Why: No feedback, assuming resolved >Unformatted: