[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

.htaccess in cgi-bin

Posted on 2000-01-11
8
Medium Priority
?
753 Views
Last Modified: 2013-11-18
i have a .htaccess file in my
htdocs/protected dir and it works fine
(i am asked for a password from the
.htpasswd file when i request the
data in that dir via my browser)
but when i put the exact same .htaccess file into my cgi-bin/protected dir it
wont work!

any ideas why not?
0
Comment
Question by:paulwhelan
8 Comments
 
LVL 1

Expert Comment

by:toTo
ID: 2350948
not so bad :
CGI are programs, so you can make them manage acces control
0
 
LVL 2

Expert Comment

by:mzehner
ID: 2351480
Your Apache web server configuration files should be in the directory "/etc/httpd/conf"  There are three of them.  The one you need to fix is "access.conf".  In this file are listed options for various directories where your files are placed for your web server to use.
These directories probably are:
1.  Directory /
2.  Directory /home/httpd/html
3.  Directory /home/httpd/cgi-bin
You have an option set for your "/home/httpd/html" directory that is not set for your cgi-bin directory.
I believe that option is  "AllowOverride AuthConfig".  Once you set that option for your cgi-bin directory, you should get the results you want.  Your files may be setup slightly different or in other locations than mine depending on your Linux configuration.  My Linix is RH6.1.
0
 

Author Comment

by:paulwhelan
ID: 2352258
i have
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/usr/local/apache/htdocs"          

and

#
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "/usr/local/apache/htdocs">            

but am i only allowed specify one dir here?
should i change it to cgi-bin? or add in cgi-bin? if so, how?
thanks
paul
0
Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

 
LVL 2

Expert Comment

by:mzehner
ID: 2354961
OK, your DocumentRoot is "/usr/local/apache/htdocs", mine is "/home/httpd/html" as shown above.
These directory areas are specified similar to stop and start formats in html.  For general format you have:

<Directory directoryname> #starts section
Options
..
..
</Directory>       #ends section

You should have entries like this for several directories such as:
/
/usr/local/apache/htdocs
/usr/local/apache/cgi-bin
There are also some others.  The top one is for the root filesystem, the second is my document root, the third is my cgi-bin directory.  Yours may be in different order.  What version of Linux are you running?  Below is a copy of my file without comments.

<Directory />
Options Indexes Includes FollowSymLinks ExecCGI MultiViews
AllowOverride AuthConfig
</Directory>
<Directory /home/httpd/html>
Options Indexes Includes FollowSymLinks ExecCGI MultiViews
AllowOverride AuthConfig
order allow,deny
allow from all
</Directory>
<Directory /home/httpd/cgi-bin>
AllowOverride AuthConfig
Options ExecCGI Indexes Includes FollowSymLinks MultiViews
</Directory>
Alias /doc /usr/doc
<Directory /usr/doc>
order deny,allow
deny from all
allow from localhost
Options Indexes FollowSymLinks Includes ExecCGI MultiViews
</Directory>
Errordocument 404 /cgi-bin/notfound.cgi

Note: Just make the change to your file that you need.  The above file has too many options in some areas for security reasone.  I did this when I was trying to get some things to work.  For instance the "/" directory should not have many options.
 

What I'm saying is to get your .htaccess file work in your cgi-bin directory, you need to add the line "AllowOverride AuthConfig" in its directory area.
If you're not sure, post a copy of your access.conf file (without comments) and I'll show you where you need to add the line.
0
 

Author Comment

by:paulwhelan
ID: 2358727
i changed the file (see below for what i changed it to)
and stopped and restarted apache and it wont work
i have a script in my cgi-bin dir and i have a .htaccess file in the cgi-bin dir and it doesnt ask for a password when i try to run the script....

it will work for html documents though....

paul


#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/usr/local/apache/htdocs"

#
# Each directory to which Apache has access, can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# permissions.
#
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory /usr/local/apache/cgi-bin>
    AllowOverride AuthConfig
    Options ExecCGI Indexes Includes FollowSymLinks MultiViews
</Directory>                                                   <Directory /usr/local/apache/htdocs>
    Options Indexes Includes FollowSymLinks ExecCGI MultiViews
    AllowOverride AuthConfig
order allow,deny
allow from all
</Directory>

#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#

#
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "/usr/local/apache/htdocs">
                                                   
#
# This may also be "None", "All", or any combination of "Indexes",
# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
    Options Indexes FollowSymLinks

#
# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo",
# "AuthConfig", and "Limit"
#
    AllowOverride AuthConfig
                                             
0
 
LVL 2

Expert Comment

by:mzehner
ID: 2364861
I'm sorry, I am unable to help you.  I thought my webserver was running scripts properly, but when I tried to see how it ran on my server, I couldn't even test to see if I would have the same problem.  It was not running my scripts properly.  Unfortunately, documentation on the Apache web server is poor (at least what I can find).  Thanks for working with me on attempting to implement a solution.  Please reject my answer and hopefully you will be able to find someone who can help you better than I.  I'm afraid it will be some time before I can come up with a solution for your problem.  I apologize for any inconvenience I may have caused you.
0
 

Author Comment

by:paulwhelan
ID: 2366154
no problem
thanks for the help
0
 
LVL 40

Accepted Solution

by:
jlevie earned 100 total points
ID: 2369689
First locate the "ScriptAlias" directive in your Apache configuration (http.conf or https.conf in current versions or access.conf in earlier versions).

The default has "AllowOverride None" set for the "ScriptAlias" directory.  Change it to "AllowOverride Authconfig" to allow the use of .htaccess files in the directory pointed to by "ScriptAlias".

Make sure that there aren't any other locations  that change the AuthOverride directive for your cgi-bin directory. Then restart the server to apply the changes.

Check to see that the .htaccess file is readable by everone and that it it specifies an absolute path to the password file. It should contain something like:

AuthType Basic
AuthUserFile /opt/Apache/passwords
AuthName "Restricted directory"
require valid-user

With the location of the passwords set to where your file is and whatever you want for the AuthName.

Finally, try it by starting up a browser and going directly to an executable script in the cgi-bin directory.

Note that if you've already logged in to one protected directory, you won't be required to authenticate when visiting another protected directory in the same browser session unless different password files are used with different user ids.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I found this questions asking how to do this in many different forums, so I will describe here how to implement a solution using PHP and AJAX. The logical flow for the problem should be: Write an event handler for the first drop down box to get …
Originally, this post was published on Monitis Blog, you can check it here . In business circles, we sometimes hear that today is the “age of the customer.” And so it is. Thanks to the enormous advances over the past few years in consumer techno…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
The viewer will the learn the benefit of plain text editors and code an HTML5 based template for use in further tutorials.
Suggested Courses
Course of the Month11 days, 5 hours left to enroll

612 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question