[thelist] .htaccess

Keith Davis cache at dowebs.com
Thu May 31 21:33:05 CDT 2001


Martin Kuplens-Ewart wrote:
> 
> How about placing it in the password-protected directory itself?

Doing only that would allow anyone with access to the directory to get
the password file. The .htpasswd will contain the plaintext userNames
and the encrypted passwords. Placing the .htpasswd in the protected
directory AND adding

<files ~ "^\.ht">
Order allow,deny
Deny from all
</files>

will deny access to both .htpasswd and .htaccess from any http client.

You can also use .htaccess to deny access to file types without using
the Basic Authentication directives, such as

<files ~ "\.txt$">
Order allow,deny
Deny from all
</files>

will make files ending in .txt safe from http clients too.

Matt Warden wrote:
>Though, I didn't think that apache would serve hidden files that
>started with a "."

That's purely optional in httpd.conf. Some server admins mistakenly are
thinking of the master .htpasswd file when they see that option and
"just to be on the safe side" screw everyone else up by hard coding the
path to that specific file. Might be what Livsey is up against.

keith
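
The following is an added example, not part of the original message: a small Python check that reads `<Files ~ "...">` deny blocks from .htaccess text and reports which filenames would still be served. It assumes Python's `re` is a close enough stand-in for Apache's regex engine; the sample input and the names `deny_patterns` and `exposed` are constructed for illustration.

```python
import re

# Constructed sample .htaccess: one working deny block and one whose
# pattern starts with "*", which is not a valid regular expression.
SAMPLE = r'''
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
<Files ~ "*\.txt">
Order allow,deny
Deny from all
</Files>
'''
# Same file with the second pattern corrected to anchor on the extension.
FIXED = SAMPLE.replace(r'"*\.txt"', r'"\.txt$"')

BLOCK = re.compile(r'<Files\s+~\s+"([^"]+)"\s*>(.*?)</Files>', re.I | re.S)
DENY_ALL = re.compile(r'^\s*Deny\s+from\s+all\s*$', re.I | re.M)

def deny_patterns(htaccess):
    """Return (valid, invalid) patterns from blocks containing 'Deny from all'."""
    valid, invalid = [], []
    for pattern, body in BLOCK.findall(htaccess):
        if not DENY_ALL.search(body):
            continue  # block does not deny everyone; ignore it
        try:
            valid.append(re.compile(pattern))
        except re.error:
            invalid.append(pattern)  # malformed: protects nothing as written
    return valid, invalid

def exposed(filenames, htaccess):
    """Filenames (basenames) that no valid deny pattern matches."""
    valid, _ = deny_patterns(htaccess)
    return [f for f in filenames if not any(p.search(f) for p in valid)]

if __name__ == "__main__":
    names = [".htpasswd", ".htaccess", "notes.txt", "index.html"]
    print("malformed patterns:", deny_patterns(SAMPLE)[1])
    print("exposed (sample):", exposed(names, SAMPLE))
    print("exposed (fixed): ", exposed(names, FIXED))
```

Running the same filename list against a live server with an HTTP client is still the real test, since httpd.conf may restrict what .htaccess is allowed to override.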



