Security Basics mailing list archives
Re: Insecure handling of Apache restrictions?
From: Mike Arnold <mike () midkaemia fsnet co uk>
Date: Sun, 13 Oct 2002 00:26:14 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday 11 Oct 2002 12:23 am, "Benoît" Gauthier wrote: <snip>
However, if the same page (and directory) is accessed via http://blabla.ca/~user, then NO authentification is done! NONE!
Because if you look closely the documents protected are under http://blabla.ca/~user/secure if I remember my apache right. The access to http://blabla.ca/~user are not controlled.
Why? How can I circumvent this behaviour?
Possibly by doing this. <Directory /home/user/public_html/> AuthType Basic AuthName "Please enter your user id and password." AuthDBUserFile /home/user/public_html/controle Require valid-user </Directory> I'm certainly out of date with apache as I haven't configured it in a while, but to me the above would make sense.
Thanks in advance.
Welcome, hope it works.
Benoît
Mike - -- By three methods we may learn wisdom: First, by reflection, which is noblest; Second, by imitation, which is easiest; and third by experience, which is the bitterest. --Confucius -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9qK+a8EqADYNpcNQRAi/UAJ4xys0xOsIDqaKbLe6vv/z3VZjPIwCeINH5 seiI8tulZeRtC+2iabHuANg= =3fVt -----END PGP SIGNATURE-----
Current thread:
- Re: Insecure handling of Apache restrictions? Eimantas V (Oct 15)
- Re[2]: Insecure handling of Apache restrictions? Benoît (Oct 16)
- <Possible follow-ups>
- Re: Insecure handling of Apache restrictions? Mike Arnold (Oct 15)
- Re[2]: Insecure handling of Apache restrictions? Benoît (Oct 16)
- Re: Re[2]: Insecure handling of Apache restrictions? Mike Arnold (Oct 16)
- Re[2]: Insecure handling of Apache restrictions? Benoît (Oct 16)
- Re: Insecure handling of Apache restrictions? White Vampire (Oct 16)
- Re: Insecure handling of Apache restrictions? Stewart (Oct 17)
- Re: Insecure handling of Apache restrictions? White Vampire (Oct 17)