> > I have set up a website containing pdf files in the following format:
> >
> > www.server.com/folder1/folder2/file1.pdf
> >
> > There is a htaccess file under folder1, so if someone tries to access
> > it, they receive a password prompt. If they try accessing folder2,
> > they get the same prompt. But if they type in the direct link to the
> > pdf file, there is no prompt.
> >
> > I've tried searching for why this happens, but have hit a brick wall.
> > Can anyone help me?
>
> Check your server logs and see if the username you authenticated with
> earlier was in that request. For example in this case the auth user was
> "testme":
>
> 192.168.1.245 - testme [04/Nov/2003:09:37:09 -0600] "GET
> /authtest/authtest2/ls.pdf HTTP/1.1" 200 18525
>
> Your browser remembers auth credentials for that particular AuthName on
> that hostname and uses them automatically, unless it fails, or browser is
> closed (assuming you have not done a "save password" on your browser).
> Otherwise post an example of your .htaccess (make sure auth directives are
> not between <Limit> or other tags).

Hi David

I tried using a different computer which had not previously accessed
the page and I was able to bypass the username/password prompt by
going directly to the page.

I checked my server log and the auth user is not being recorded. Where
you have "testme", I just have a dash.


My htaccess file is:

AuthType Basic
AuthUserFile "(password location)"
AuthName "Restricted Access."
AuthType Basic
require valid-user
satisfy any
ErrorDocument 401 /errors/forbidden.html

Thanks for your response,
Andrew