basic apache/linux security?

This is a discussion on basic apache/linux security? within the Linux Security forums, part of the System Security and Security Related category; I have an apache server in which I have not had to mess with in three years. I currently have ...


Go Back   Usenet Forums > System Security and Security Related > Linux Security

Reload this Page basic apache/linux security?

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 03-23-2005
MD
 
Posts: n/a
Default basic apache/linux security?
I have an apache server in which I have not had to mess with in three
years. I currently have security set-up on the 'htdocs' directory, but
recently we needed to share out a directory with no security. I
thought I did was I suppose to w/o using .htaccess files to accomplish
this. But I get prompted for username/security when accessing this
directory. The strange thing is, I can can hit cancel 3 times and
access the page without a problem. Here's my config.

##########No security needed, but get prompted when accessing.
alias /comm/ "/usr/local/apache/comm/"

<Directory "/usr/local/apache/comm/">
Options Indexes MultiViews
AuthAuthoritative Off
AllowOverride None
Order allow,deny
Allow from all
</Directory>

#########Secured, want to keep it that way.
<Directory "/usr/local/apache/htdocs">
AuthType Basic
AuthName "(Use lowercase please)"
AuthUserFile /usr/local/ops/users
require valid-user
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>

Reply With Quote
  #2 (permalink)  
Old 03-25-2005
Jim Richardson
 
Posts: n/a
Default Re: basic apache/linux security?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 23 Mar 2005 09:14:47 -0800,
MD <dbmeyers@mac.com> wrote:
> I have an apache server in which I have not had to mess with in three
> years. I currently have security set-up on the 'htdocs' directory, but
> recently we needed to share out a directory with no security. I
> thought I did was I suppose to w/o using .htaccess files to accomplish
> this. But I get prompted for username/security when accessing this
> directory. The strange thing is, I can can hit cancel 3 times and
> access the page without a problem. Here's my config.
>

Check the code for the page you are trying to access, does it have
images, or other elements pulled from the restricted directory? Those
are probably triggering the password check, even if they aren't being
used on the page in question in any meaningful way. Try putting a simple
test page in the open directory, and seeing if viewing that triggers the
security check.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFCRFJld90bcYOAWPYRAnsYAJ9k2iePjV3Vr4YnNwgrDF A62LuK5wCgtxJ9
QucGuJE3KCTgcpA91oR3/4M=
=uW5Y
-----END PGP SIGNATURE-----

--
Jim Richardson http://www.eskimo.com/~warlock
Instruction ends in the schoolroom -- but education
ends only with life. -- Publilius Syrus.

Reply With Quote
Reply
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On




All times are GMT +1. The time now is 04:28 PM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0