> > >Thanks for your suggestion. Is is possible to use an .htaccess file to
> > >restrict access by username?
> So is it then not possible to use the .htaccess file to permit access to the
> Web pages without username and password by just the htdig process or just one
> username's processes while still requiring username and password for all other
> accesses?
You can allow access without a password from a given IP address or
host name(s), while requiring a password from everywhere else.
This is what "satisfy any" (previously mentioned by someone else)
is for; it allows access when either of two authentication
methods (specified with both "allow" and "require") succeeds.
Another example (from something I used to restrict an entire virtual host;
you can put similar stuff in <Location> <Directory> or
in a .htaccess file.)
<Location / >
order deny,allow
deny from all
allow from host.example.com
AuthType Basic
AuthUserFile /opt/local/httpd/passwords/proto-htpass
AuthName "Restricted Pages"
require valid-user
satisfy any
</Location>
The Apache server, has no good way to know what requests come from
"one username" or "just the htdig process". Apache authetication
doesn't use the ident/auth username or user-agent, which are the
closest things to proxies for that information, because they are
quite insecure and spoofable.
> > Well, this is the point of authentication methods. You could
> > certainly make a username/password pair for htdig alone.
> Do you specify a different Web username and password combination for htdig to
> use from what other processes use? How does one do that? Can this be set up
> in the .htaccess file?
Read the Apache documentation on mod_access, mod_auth, satify, require
and htpasswd
also see:
http://www.apacheweek.com/features/userauth
I think you can do it in .htaccess if the "Allow Override" settings in the
server configuration is "All" or includes "AuthConfig" and "Limit".
These are mostly Apache issues, not htdig issues.
--
Albert Lunde [EMAIL PROTECTED] (new address)
[EMAIL PROTECTED] (old address)
------------------------------------
To unsubscribe from the htdig mailing list, send a message to
[EMAIL PROTECTED]
You will receive a message to confirm this.
List archives: <http://www.htdig.org/mail/menu.html>
FAQ: <http://www.htdig.org/FAQ.html>
