User authentication not working in Apache2

2003-10-28 Thread Charles Howse
Hi,
I'd like to restrict access to 1 of several cgi scripts on my website to
authorized users only.
Problem is, after configuring httpd.conf, .htaccess, .passwd, anyone can
still run the script.
I created the .passwd file with htpasswd -c myfilename myusername.
Of course, I restarted apache after all changes to httpd.conf with
apachectl restart.  No errors.
I've pored over the Apache documentation on their website, and Googled
all day yesterday, no joy.
The error log shows *nothing* related to execution of this script.  The
access log shows nothing other than the GET line for this script.
Any help would be appreciated.

Here are some relevant sections from httpd.conf (I'll post the entire
38k file if allowed.)

# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
LoadModule access_module libexec/apache2/mod_access.so
LoadModule auth_module libexec/apache2/mod_auth.so

[snip]

# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot /usr/local/www/data

#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the default to be a very restrictive set of
# features.
#
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory /usr/local/www/cgi-bin>
    AllowOverride AuthConfig
</Directory>

Here is the .htaccess file which resides in /usr/local/www/cgi-bin:

<Files myscript.cgi>
    Options ExecCGI
    AuthType Basic
    AuthName "Password Required"
    # Not the best location for this file, I know.
    AuthUserFile /usr/local/www/.passwd
    Require valid-user
</Files>



Thanks,
Charles

Got a computer with idle CPU time?
Join [EMAIL PROTECTED] and help make history!
http://setiathome.ssl.berkeley.edu/


___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


RE: User authentication not working in Apache2

2003-10-28 Thread Charles Howse

Well, I got it working.  :-)
I'm not perfectly satisfied yet, but I'm much better off than I was. 

I deleted the .htaccess file and put the directives in httpd.conf.

# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the default to be a very restrictive set of
# features.
#
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory /usr/local/www/cgi-bin>
    AllowOverride AuthConfig
    <Files status.cgi>
        AuthType Basic
        AuthName "Restricted File"
        AuthUserFile /home/charles/.htpasswd
        Require user charles
    </Files>
</Directory>

I still would like to protect an additional script.
I tried: <Files status.cgi another.file.pl>
That's unsupported.

I just tried <Files ~ \(file1.cgi|file2.pl)$>
Trying to match 2 specific filenames...no joy.

The Apache documentation for the Files directive says, "The directives
given within this section will be applied to any object with a basename
(last component of filename) matching the specified filename."

I wonder if that means that I can only match files based on the
extension?
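
An added example, not part of the original post or of the Apache project: a
short Python script that builds a FilesMatch section protecting exactly two
named scripts and checks which request basenames the pattern covers. The
helper names are hypothetical, the sample paths are constructed, and Python's
re module stands in for Apache's regex engine, which is an assumption that
holds for a pattern this simple.

```python
import re

def files_match_block(names, user_file, realm, require="valid-user"):
    """Build a <FilesMatch> section protecting exactly the given basenames."""
    # Escape regex metacharacters (the dots) and anchor both ends, so that
    # "status.cgi" does not also cover "status.cgi.bak" or "xstatus.cgi".
    pattern = "^(" + "|".join(re.escape(n) for n in names) + ")$"
    lines = [
        f'<FilesMatch "{pattern}">',
        "    AuthType Basic",
        f'    AuthName "{realm}"',
        f"    AuthUserFile {user_file}",
        f"    Require {require}",
        "</FilesMatch>",
    ]
    return pattern, "\n".join(lines)

def protected(pattern, request_path):
    """True if the basename (last path component) matches the pattern."""
    basename = request_path.rsplit("/", 1)[-1]
    return re.search(pattern, basename) is not None

# Constructed sample using the two script names mentioned in the post.
PATTERN, BLOCK = files_match_block(
    ["status.cgi", "another.file.pl"],
    "/home/charles/.htpasswd", "Restricted File", "user charles")

# Constructed request paths: two intended targets and three near misses.
SAMPLES = [
    "/usr/local/www/cgi-bin/status.cgi",
    "/usr/local/www/cgi-bin/another.file.pl",
    "/usr/local/www/cgi-bin/status.cgi.bak",
    "/usr/local/www/cgi-bin/xstatus.cgi",
    "/usr/local/www/cgi-bin/statusXcgi",
]

if __name__ == "__main__":
    print(BLOCK)
    for path in SAMPLES:
        state = "auth required" if protected(PATTERN, path) else "not covered"
        print(f"{path}: {state}")
```

The printed section goes inside the Directory block for cgi-bin in httpd.conf;
files the pattern does not cover stay reachable without a password, so the
near-miss checks are the part worth reviewing.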

