>Number: 4356 >Category: general >Synopsis: incorrect messages in error_log relative to .htaccess control. >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Wed May 5 07:30:01 PDT 1999 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3.6 >Environment: AIX 4.1.5 Apache 1.3.6 compiled with gcc 2.7.2 to replace NCSA 1.5.2 >Description: We protect a directory with a .htaccess file which points to .htpasswd and .htgroup files. It works properly but gives error messages in the log file, like
[Wed May 5 15:36:20 1999] [error] [client xxx.xxx.xxx.xxx] user alain not found: /ggg/ci/.. (Note the ending "..") This happens when trying to access the directory http://domain/ggg/ci despite the fact that the authentification works well and the contents of the directory are shown. The same message appears again each time the page is reloaded, even if no authentification is asked anymore. However, if the same is tried but a particular file is accessed, say http://domain/ggg/ci/bla.html no error message appears. The user "alain" is listed in .htgroup as a member of group "ci" and in .htpasswd. The same error message would appear with a user which would not exist (but then access is really denied). *** .htaccess in /ggg/ci *** AuthUserFile /out_the_tree/.htpasswd AuthGroupFile /out_the_tree/.htgroup AuthName ci AuthType Basic <Limit GET> order deny,allow deny from all allow from .umh.ac.be require group ci </Limit> *** .htgroup *** ci: alain yves chantal jean monique marianne ci *** .htpasswd *** alain:T..........w (...) >How-To-Repeat: This happens in a part of our site not accessible from outside. Besides the only visible effects are in the log file. >Fix: The ending ".." appearing in the error message following the directory name might be a key to understand the problem. >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ]
