basic apache/linux security?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

I have an apache server in which I have not had to mess with in three
years.  I currently have security set-up on the 'htdocs' directory, but
recently we needed to share out a directory with no security.  I
thought I did was I suppose to w/o using .htaccess files to accomplish
this.  But I get prompted for username/security when accessing this
directory.  The strange thing is, I can can hit cancel 3 times and
access the page without a problem.  Here's my config.

##########No security needed, but get prompted when accessing.
alias /comm/ "/usr/local/apache/comm/"

<Directory "/usr/local/apache/comm/">
   Options Indexes MultiViews
AuthAuthoritative Off
 AllowOverride None
    Order allow,deny
    Allow from all

#########Secured, want to keep it that way.
<Directory "/usr/local/apache/htdocs">
       AuthType Basic
        AuthName "(Use lowercase please)"
        AuthUserFile /usr/local/ops/users
        require valid-user
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all

Re: basic apache/linux security?

Hash: SHA1

On 23 Mar 2005 09:14:47 -0800,
Quoted text here. Click to load it

Check the code for the page you are trying to access, does it have
images, or other elements pulled from the restricted directory? Those
are probably triggering the password check, even if they aren't being
used on the page in question in any meaningful way. Try putting a simple
test page in the open directory, and seeing if viewing that triggers the
security check.

Version: GnuPG v1.2.5 (GNU/Linux)


Jim Richardson
Instruction ends in the schoolroom -- but education
 ends only with life. -- Publilius Syrus.

Site Timeline