htaccess woes

[Parker Morse]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday, Jul 26, 2004, at 09:52 US/Eastern, MKlinke wrote:
> On Monday 26 July 2004 08:43, Reuben D. Budiardja wrote:
>> On Monday 26 July 2004 08:57, MKlinke wrote:
>>> It sounds like you're putting the wrong file in the web site
>>> folder. Your setup should look something like below:
>>>
>>> ---- /etc/httpd/conf/httpd.conf -----
>>>
>>> <Directory "/var/www/html/protected_directory">
>>>         AllowOverride AuthConfig
>>>         Order deny,allow
>>>         Allow from all
>>> </Directory>
>>
>> I'm not sure if the above in httpd.conf is necessary. I think by
>> default the httpd.conf in RHEL (w/ apache2) allows you to put
>> .htaccess file anywhere.
>>
>> I'd try the suggestion below first, wihout changing the httpd.conf
>> and see if it works (except if you've changed the default so that
>> you need to explicitly enable AuthConfig option for the
>> protected_directory).
>
> Not exactly sure what you're referring to when you say "below", but if
> you're saying that:

Specifying the authorization configuration for a given directory can 
happen either in the httpd.conf file, or in a .htaccess file within the 
directory. However, since .htaccess files are additive - that is, an 
.htaccess for one directory affects all subdirectories - it's more 
efficient to specify stuff in the httpd.conf rather than make the 
server search all higher-level directories for .htaccess files which 
might change the effects of the one in the directory in question.

That said, I use .htaccess files, myself. They're easier to modify 
independently.

See <http://httpd.apache.org/docs-2.0/howto/auth.html> for more. 
(That's my source.)

pjm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)

iD8DBQFBBTosnRVGoRROKxIRAus2AJ9Pd6+u0AbFQQ05IDp9PdQ9k0IoSQCeMuVU
+ZYt2oX87A808PNtq1IFp/E=
=TsA5
-----END PGP SIGNATURE-----