.htaccess in cgi-bin

i have a .htaccess file in my
htdocs/protected dir and it works fine
(i am asked for a password from the
.htpasswd file when i request the
data in that dir via my browser)
but when i put the exact same .htaccess file into my cgi-bin/protected dir it
wont work!

any ideas why not?
paulwhelanAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

toToCommented:
not so bad :
CGI are programs, so you can make them manage acces control
0
mzehnerCommented:
Your Apache web server configuration files should be in the directory "/etc/httpd/conf"  There are three of them.  The one you need to fix is "access.conf".  In this file are listed options for various directories where your files are placed for your web server to use.
These directories probably are:
1.  Directory /
2.  Directory /home/httpd/html
3.  Directory /home/httpd/cgi-bin
You have an option set for your "/home/httpd/html" directory that is not set for your cgi-bin directory.
I believe that option is  "AllowOverride AuthConfig".  Once you set that option for your cgi-bin directory, you should get the results you want.  Your files may be setup slightly different or in other locations than mine depending on your Linux configuration.  My Linix is RH6.1.
0
paulwhelanAuthor Commented:
i have
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/usr/local/apache/htdocs"          

and

#
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "/usr/local/apache/htdocs">            

but am i only allowed specify one dir here?
should i change it to cgi-bin? or add in cgi-bin? if so, how?
thanks
paul
0
Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

mzehnerCommented:
OK, your DocumentRoot is "/usr/local/apache/htdocs", mine is "/home/httpd/html" as shown above.
These directory areas are specified similar to stop and start formats in html.  For general format you have:

<Directory directoryname> #starts section
Options
..
..
</Directory>       #ends section

You should have entries like this for several directories such as:
/
/usr/local/apache/htdocs
/usr/local/apache/cgi-bin
There are also some others.  The top one is for the root filesystem, the second is my document root, the third is my cgi-bin directory.  Yours may be in different order.  What version of Linux are you running?  Below is a copy of my file without comments.

<Directory />
Options Indexes Includes FollowSymLinks ExecCGI MultiViews
AllowOverride AuthConfig
</Directory>
<Directory /home/httpd/html>
Options Indexes Includes FollowSymLinks ExecCGI MultiViews
AllowOverride AuthConfig
order allow,deny
allow from all
</Directory>
<Directory /home/httpd/cgi-bin>
AllowOverride AuthConfig
Options ExecCGI Indexes Includes FollowSymLinks MultiViews
</Directory>
Alias /doc /usr/doc
<Directory /usr/doc>
order deny,allow
deny from all
allow from localhost
Options Indexes FollowSymLinks Includes ExecCGI MultiViews
</Directory>
Errordocument 404 /cgi-bin/notfound.cgi

Note: Just make the change to your file that you need.  The above file has too many options in some areas for security reasone.  I did this when I was trying to get some things to work.  For instance the "/" directory should not have many options.
 

What I'm saying is to get your .htaccess file work in your cgi-bin directory, you need to add the line "AllowOverride AuthConfig" in its directory area.
If you're not sure, post a copy of your access.conf file (without comments) and I'll show you where you need to add the line.
0
paulwhelanAuthor Commented:
i changed the file (see below for what i changed it to)
and stopped and restarted apache and it wont work
i have a script in my cgi-bin dir and i have a .htaccess file in the cgi-bin dir and it doesnt ask for a password when i try to run the script....

it will work for html documents though....

paul


#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/usr/local/apache/htdocs"

#
# Each directory to which Apache has access, can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# permissions.
#
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory /usr/local/apache/cgi-bin>
    AllowOverride AuthConfig
    Options ExecCGI Indexes Includes FollowSymLinks MultiViews
</Directory>                                                   <Directory /usr/local/apache/htdocs>
    Options Indexes Includes FollowSymLinks ExecCGI MultiViews
    AllowOverride AuthConfig
order allow,deny
allow from all
</Directory>

#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#

#
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "/usr/local/apache/htdocs">
                                                   
#
# This may also be "None", "All", or any combination of "Indexes",
# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
    Options Indexes FollowSymLinks

#
# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo",
# "AuthConfig", and "Limit"
#
    AllowOverride AuthConfig
                                             
0
mzehnerCommented:
I'm sorry, I am unable to help you.  I thought my webserver was running scripts properly, but when I tried to see how it ran on my server, I couldn't even test to see if I would have the same problem.  It was not running my scripts properly.  Unfortunately, documentation on the Apache web server is poor (at least what I can find).  Thanks for working with me on attempting to implement a solution.  Please reject my answer and hopefully you will be able to find someone who can help you better than I.  I'm afraid it will be some time before I can come up with a solution for your problem.  I apologize for any inconvenience I may have caused you.
0
paulwhelanAuthor Commented:
no problem
thanks for the help
0
jlevieCommented:
First locate the "ScriptAlias" directive in your Apache configuration (http.conf or https.conf in current versions or access.conf in earlier versions).

The default has "AllowOverride None" set for the "ScriptAlias" directory.  Change it to "AllowOverride Authconfig" to allow the use of .htaccess files in the directory pointed to by "ScriptAlias".

Make sure that there aren't any other locations  that change the AuthOverride directive for your cgi-bin directory. Then restart the server to apply the changes.

Check to see that the .htaccess file is readable by everone and that it it specifies an absolute path to the password file. It should contain something like:

AuthType Basic
AuthUserFile /opt/Apache/passwords
AuthName "Restricted directory"
require valid-user

With the location of the passwords set to where your file is and whatever you want for the AuthName.

Finally, try it by starting up a browser and going directly to an executable script in the cgi-bin directory.

Note that if you've already logged in to one protected directory, you won't be required to authenticate when visiting another protected directory in the same browser session unless different password files are used with different user ids.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Languages and Standards

From novice to tech pro — start learning today.