Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Westi on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

.htaccess, DirectoryIndex and FilesMatch

Status
Not open for further replies.
braddik

braddik

Technical User
Feb 8, 2005
2
CA
My .htaccess includes a FilesMatch for "index.html". Index.html is included in my DirectoryIndex directive. If a browser requests the directory without specifying index.html, they are denied access with "authorization required", and not given the opportunity of authenticating. However, if the request includes the specific "index.html", then the password dialogue is presented.

I have also tried this with Files instead of FilesMatch.

I am running Fedora Core 3/Apache 2.0.52. The same configuration under Windows XP/Apache 2.0.52 presents the password dialogue whether "index.html" is requested or not.

Am I doing something wrong, or is this the expected behaviour, and the Windows response is actually the anomaly?

Thanks for any insights...
 
Sort by date Sort by votes
braddik,

Have you tried commenting out the FilesMatch in your .htaccess? That should cause Apache to prompt for login credentials regardless of the file that is requested.

Wishdiak
A+, Network+, Security+, MCSA 2003 certified
 
Upvote 0 Downvote
Hello Wishdiak:

Yes, commenting out the FilesMatch resulted in a login prompt all right, but I'm trying to catch that one file only.

Any other ideas? I don't understand why this mechanism works under XP, just not under Fedora. I've got to be missing something, but I can't figure what.

Thanks.
 
Upvote 0 Downvote
Authentication and authorisation come before the directory rewrite stage in Apache's process model. Apache will re-fire the authentication/authorisation process for each attempted rewrite, but many authentication modules bow out of all URL rewrites, either declining, or returning their original status regardless of the altered URI. Odd, but true. Also, it's dependent on the index-file rewrite module to honour an authentication-requested return by forwarding it on to the user. Which authentication module are you using? You'd need to examine the code for the Fedora version of both that and the index-file rewrite module to be sure of what's really going on.

However, a possibly simpler patch-fix might be to use "^$|^index.html$" in your FilesMatch directive to catch only the index file and the blank path that will be translated into it, perhaps?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Krus1972
  • Locked
  • Question
Rewrite Rule for .htaccess Help
Replies
0
Views
301
Krus1972
Krus1972
SamBones
  • Locked
  • Question
CentOS 7 and Putty
Replies
2
Views
265
SamBones
SamBones
KannaChan
  • Locked
  • Question
TLS1.2 and TLS1.0 proxy in same Virtualhost
Replies
1
Views
237
ChrisHirst
ChrisHirst
gandalf458
  • Locked
  • Question
SEO-friendly URLs and .htaccess
Replies
4
Views
224
ChrisHirst
ChrisHirst
tyutghf
  • Locked
  • Question
htaccess password protect website
Replies
1
Views
148
feherke
feherke

Part and Inventory Search

Sponsor

Back
Top