Beno�t Gauthier wrote:
When the virtual site is accessed via http://user.blabla.ca, documents in the "secure" directory are correctly controlled by the statements. Fine.However, if the same page (and directory) is accessed via http://blabla.ca/~user, then NO authentification is done! NONE!
You could add a statement to your DocumentRoot section like so;
RedirectPermanent "/~user" "http://user.blablah.com/";
Which would force browsers to access the page via the 'proper' means, rather than via the back door. Besides; if a user has their own sub-domain, why would they want a tilde site anyways?
