Hello,
I've got a development area of a site that i want to password-protect with a
.htaccess file until i'm ready to release it. It's the cgi-bin area. I'm
using apache2.50. I've changed
AllowOverRide None
to
AllowOverRide AuthConfig
and added a .htaccess file in /usr/local/www/cgi-bin. Here it is.

AuthType Digest
AuthName darkness
AuthDigestFile /usr/local/etc/apache2/domains_digest
<Limit GET POST>
require valid-user
</Limit>

I created a password file with htdigest yet when i go to a page in the
cgi-bin area instead of being prompted for a password i get the page. Any
help appreciated.
Thanks.
Dave.

[ Post a follow-up to this message ]

"dave" <dmehler26@woh.rr.com> said:
>I've got a development area of a site that i want to password-protect with 
a
>.htaccess file until i'm ready to release it. It's the cgi-bin area. I'm
>using apache2.50. I've changed
>AllowOverRide None
>to
> AllowOverRide AuthConfig
>and added a .htaccess file in /usr/local/www/cgi-bin. Here it is.

Hmm.. I'd assume that cgi-bin is a slightly different in configuration
from the regular content directories, and might not honor .htaccess
files. Try to configure this in httpd.conf; something like:

<Location /cgi-bin>
AuthType Digest
AuthName darkness
AuthDigestFile /usr/local/etc/apache2/domains_digest
<Limit GET POST>
require valid-user
</Limit>
</Location>

should be close to correct.

I think .htaccess is mostly intended to use in cases where the persons
controlling the directory do not have access to httpd.conf.
--
Wolf  a.k.a.  Juha Laiho     Espoo, Finland
(GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
"...cancel my subscription to the resurrection!" (Jim Morrison)

[ Post a follow-up to this message ]

Hello,
Thanks, your suggestion of putting this in the httpd.conf file did the
trick. I am still uncertain as to why the .htaccess file didn't take.
Thanks.
Dave.

[ Post a follow-up to this message ]

"dave" <dmehler26@woh.rr.com> said:
>    Thanks, your suggestion of putting this in the httpd.conf file did the
>trick. I am still uncertain as to why the .htaccess file didn't take.

I haven't checked from the source (I seem to recall documentation doesn't
explicitly say this), but I think .htaccess files are only processed for
- Directories within DocumentRoot
- Aliased directories
... and cgi-bin, being ScriptAliased, doesn't fall in either of these
categories. I think I can see the sense in this decision, but I have
a slight difficulty in putting it to concrete words.
--
Wolf  a.k.a.  Juha Laiho     Espoo, Finland
(GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
"...cancel my subscription to the resurrection!" (Jim Morrison)

[ Post a follow-up to this message ]

"dave" <dmehler26@woh.rr.com> wrote in message
news:s9dwd.974$xW3.634@fe1.columbus.rr.com...
> Hello,
> I've got a development area of a site that i want to password-protect with
a
> .htaccess file until i'm ready to release it. It's the cgi-bin area. I'm
> using apache2.50. I've changed
> AllowOverRide None
> to
>  AllowOverRide AuthConfig
> and added a .htaccess file in /usr/local/www/cgi-bin. Here it is.
>
> AuthType Digest
> AuthName darkness
> AuthDigestFile /usr/local/etc/apache2/domains_digest
> <Limit GET POST>
> require valid-user
> </Limit>
>
> I created a password file with htdigest yet when i go to a page in the
> cgi-bin area instead of being prompted for a password i get the page. Any
> help appreciated.
> Thanks.
> Dave.

Hello dave,

The information you have given is not sufficient to analyse the problem.
As Juha said It might help. But usually you declare AuthType at Server level
like this.

AccessFileName .htaccess
<Directory />
Options None
AllowOverride None
AuthType Digest
AuthName "darkness"
AuthDigestFile /usr/local/etc/apache2/domains_digest
</Directory>

After this you add "AllowOverRide AuthConfig" for required area! Like in
your case cgi-bin directory.

You can use Location directive or you can use Directory directive. But
remember if you use Location directive, it will be processed after all the
directory directive applied and all the File directives applied and
.htaccess file is read.

You can use directory directive like this,

<Directory /@serverroot@/cgi-bin>
AllowOverride authconfig
Options ExecCGI
</Directory>

I assumed that you have cgi-bin directory in @serverroot@ directory and you
don't have any aliases. If you have aliases, you have to mention absolute
path here.

This will allow .htaccess file being configured only to cgi-bin directory.

So see if your earlier configuration has missed any thing?

regards
Holla

[ Post a follow-up to this message ]