>Number: 4871
>Category: mod_auth-any
>Synopsis: Intermittent operation of .htaccess
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: apache
>State: open
>Class: support
>Submitter-Id: apache
>Arrival-Date: Tue Aug 17 15:40:00 PDT 1999
>Last-Modified:
>Originator: [EMAIL PROTECTED]
>Organization: apache
>Release: 1.3.6
>Environment:
FreeBSD zone.lagmonster.org 3.2-RELEASE FreeBSD 3.2-RELEASE #0: Tue May 18 04:05:08 GMT 1999 [EMAIL PROTECTED]:/usr/src/sys/compile/GENERIC i386
>Description:
When a valid .htaccess file is placed in a directory with intended protection, the server still serves the pages.

Example .htaccess file:

Authtype Basic
AuthName "Ta see it sign in"
AuthUserFile /usr/pass/redpasswd
<Limit GET POST>
require valid-user
</Limit>

The /usr/pass/redpasswd is in place and configured with htpasswd.
>How-To-Repeat:
Try http://www.lagmonster.org/~sam/ and all of the subdirectories under this site SHOULD require this authentication. If it prompts for you, use
name: apache
password: test
>Fix:
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, you need to include <[EMAIL PROTECTED]> in the Cc line and make sure the subject line starts with the report component and number, with or without any 'Re:' prefixes (such as "general/1098:" or "Re: general/1098:"). If the subject doesn't match this pattern, your message will be misfiled and ignored. The "apbugs" address is not added to the Cc line of messages from the database automatically because of the potential for mail loops. If you do not include this Cc, your reply may be ignored unless you are responding to an explicit request from a developer. Reply only with text; DO NOT SEND ATTACHMENTS!]