[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Front Page Passwords Not Required

Subject: Re: [cobalt-users] Front Page Passwords Not Required
From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
Date: Wed Mar 22 15:57:59 2000
Organization: nobaloney.net

Will DeHaan wrote:
> 
> Jeff, do you have shell access to the openly accessible FP web?
> 
> Please find and post .htaccess files and their contents.  If they're
> missing or corrupt we'll know the symptom <frown> and can better isolate
> the cause <frown, again>.

Will (and others):

Thanks for attempting to help me with this.  This is severely broken
behavior.  I don't think the problem lies with these files, but with the
"fixes" installed on the systems.

The reason I think that is these files are exactly the same on the RaQ2
that does it right, except for expected differences in IP#s and site#s.

To reiterate, one RaQ2 does it right, the other does it wrong, and the
only differences I can see between them is the "fixes" on the systems
(see my original post for the comparative list).

Here's the "find" results and the "cat" results for .htaccess for this
domain on my client's RaQ2:
> 
> [admin web]$ find . -name ".htaccess"
> ./_vti_pvt/.htaccess
> ./_vti_log/.htaccess
> ./_private/.htaccess
> ./_vti_txt/.htaccess
> ./_vti_cnf/.htaccess
> ./_vti_bin/_vti_adm/.htaccess
> ./_vti_bin/_vti_aut/.htaccess
> ./_vti_bin/.htaccess
> [admin web]$ cat _vti_pvt/.htaccess
> # -FrontPage-
> 
> Options None
> 
> <Limit GET POST PUT DELETE>
> order deny,allow
> deny from all
> </Limit>
> AuthName www.harriette.com
> 
> 
> [admin web]$ cat _vti_log/.htaccess
> # -FrontPage-
> 
> Options None
> 
> <Limit GET POST PUT DELETE>
> order deny,allow
> deny from all
> </Limit>
> AuthName www.harriette.com
> 
> 
> [admin web]$ cat _private/.htaccess
> # -FrontPage-
> 
> Options None
> 
> <Limit GET POST>
> order deny,allow
> deny from all
> allow from all
> require group site5 admin
> 
> </Limit>
> <Limit PUT DELETE>
> order deny,allow
> deny from all
> </Limit>
> AuthType Basic
> AuthName www.harriette.com
> 
> 
> [admin web]$ cat _vti_txt/.htaccess
> # -FrontPage-
> 
> Options None
> 
> <Limit GET POST PUT DELETE>
> order deny,allow
> deny from all
> </Limit>
> AuthName www.harriette.com
> 
> 
> [admin web]$ cat _vti_cnf/.htaccess
> # -FrontPage-
> 
> Options None
> 
> <Limit GET POST PUT DELETE>
> order deny,allow
> deny from all
> </Limit>
> AuthName www.harriette.com
> 
> 
> [admin web]$ cat _vti_bin/_vti_adm/.htaccess
> # -FrontPage-
> 
> Options None
> 
> <Limit GET POST>
> order deny,allow
> deny from all
> allow from all
> require group site5 admin
> 
> </Limit>
> <Limit PUT DELETE>
> order deny,allow
> deny from all
> </Limit>
> AuthType Basic
> AuthName www.harriette.com
> 
> 
> [admin web]$ cat _vti_bin/_vti_aut/.htaccess
> # -FrontPage-
> 
> Options None
> 
> <Limit GET POST>
> order deny,allow
> deny from all
> allow from all
> require group site5 admin
> 
> </Limit>
> <Limit PUT DELETE>
> order deny,allow
> deny from all
> </Limit>
> AuthType Basic
> AuthName www.harriette.com
> 
> 
> [admin web]$ cat _vti_bin/.htaccess
> # -FrontPage-
> 
> Options None
> 
> <Limit GET POST>
> order deny,allow
> deny from all
> allow from all
> </Limit>
> <Limit PUT DELETE>
> order deny,allow
> deny from all
> </Limit>
> AuthName www.harriette.com
> 
> 
> [admin web]$

and here's the listing from /etc/httpd/conf/httpd.conf for the site in
question on the machine that doesn't ask for the password:
> 
> <VirtualHost 209.126.128.43>
> ServerName www.harriette.com
> ServerAdmin admin
> ServerAlias harriette.com
> DocumentRoot /home/sites/site5/web
> 
> RewriteEngine on
> RewriteCond %{HTTP_HOST}                !^209.126.128.43(:80)?$
> RewriteCond %{HTTP_HOST}                !^www.harriette.com(:80)?$
> RewriteRule ^/(.*)                      http://www.harriette.com/$1 [L,R]
> RewriteOptions inherit
> AliasMatch ^/users/([^/]+)(/(.*))? /home/sites/site5/users/$1/web/$3
> ScriptAlias /_vti_bin/_vti_adm/ /home/sites/site5/web/_vti_bin/_vti_adm/
> ScriptAlias /_vti_bin/_vti_adm/ /home/sites/site5/web/_vti_bin/_vti_aut/
> ScriptAlias /_vti_bin/ /home/sites/site5/web/_vti_bin/
> AliasMatch ^/~([^/]+)(/(.*))? /home/sites/site5/users/$1/web/$3
> </VirtualHost>

Please help me with this; it's hard to charge a customer for a system
that doesn't work.

Thanks.

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
nobaloney.net
P. O. Box 52672
Riverside, CA  92517
voice: (909) 787-8589  *  fax: (909) 782-0205

Follow-Ups:
- Re: [cobalt-users] Front Page Passwords Not Required
  - From: Will DeHaan

References:
- [cobalt-users] Front Page Passwords Not Required
  - From: Jeff Lasman
- Re: [cobalt-users] Front Page Passwords Not Required
  - From: Will DeHaan

Prev by Date: [cobalt-users] [RAQ2] CNAME?
Next by Date: [cobalt-users] {raq3} please help //var/lib/rpm/packages.rpm
Previous by thread: Re: [cobalt-users] Front Page Passwords Not Required
Next by thread: Re: [cobalt-users] Front Page Passwords Not Required

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index