[SOLVED] Apache and AuthConfig

[free_bsd]

Hello all,

 

I have made a directory for authentication (htpasswd)

 

When i put it in a .htaccess file and browse to the content i see the directory secret as a directory on my webpage. (i dont have a index.html so i see directory's

And when i put it in httpd.conf as a <Directory> and browse to my webpage the directory isnt visible, only by typing it for example http://my.domain.com/~user/secret

 

Hope someone can tell me if this is normal ? (if you understand my bad english

 

Thanks, Free_BSD

 

[steviewdr]

If the files (secret) are named as follows:

 

.htpasswd  = place where the password/secret should be stored

.htaccess    = place to tell apache where the .htpasswd is kept etc.

 

then by default apache will not allow anyone to access them.

 

-steve

[free_bsd]

Ah thanks,

 

So if i don't use .htaccess and instead put it in my httpd.conf as :

 

<Directory /home/*/public_html/secret>

    AllowOverride AuthConfig

    AuthType Basic

    AuthName "secret"

    AuthUserFile /usr/local/www/apache22/passwd/passwords

    Require user test

</Directory>

 

Then such a directory will never be visible ? and only can be accessed if you know the name of the directory ? to put in your username and password.

 

and with .htaccess a directory is visible ?

 

Sorry for the noobynish but i read that the use of <Directory></Directory> is saver then .htaccess

[steviewdr]

Ok - Putting the Auth details in <Directory></Directory> is better practice.

 

BUT - you should still keep passwords in a file named ".htpasswd". NOT in a file called passwords. So it should be the following:

AuthUserFile /usr/local/www/apache22/passwd/.htpasswd

 

Anyways, as you asked:

No, the <Directory /home/*/public_html/secret> will not be visible to those without the password.

Yes - The person WILL have to know the name of the directory

Yes - The user test will have to enter the correct password.

 

-steve

[free_bsd]

Now it is very clear to me,

 

Thanks very much !