on 2/7/01 2:56 AM, Owen Boyle at [EMAIL PROTECTED] wrote:
> James Hastings-Trew wrote:
>> I think others have asked this question as well, but I would like a portion
>> of my secure site to be blocked to access unless a name and password is
>> entered.
>
> There should be no problem with running password-access under SSL.
> Double-check the following points:
>
> - Your configuration should look something like this (assuming you put
> the authorisation directives in httpd.conf):
>
> <VirtualHost your_ssl_site:443>
>
> ...SSL directives...
>
> DocumentRoot /home/web/html/secure
>
> <Directory /home/web/html/secure/protected>
> AuthType Basic
> AuthName "Protected HTTPS Area"
> AuthUserFile /home/web/admin/https.pwd
> require valid-user
> </Directory>
>
> </VirtualHost>
>
> - make sure to *restart the server* after making the changes.
Yes, you'd think this would work, but after trying configuring the server
with the directives in the httpd.conf file and/or in an .htaccess file, the
result is the same - apache blithely serves up the requested page without
asking for a name and password.
The directives in my httpd.conf look like this:
<VirtualHost 111.222.333.444>
...SSL directives...
<Directory /var/www/my.domain.com/html/adminpages>
AuthType Basic
AuthName "Website Admin"
AuthUserFile /etc/httpd/admin-users
require valid-user
</Directory
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]