Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

.htaccess weird problem

Status
Not open for further replies.
Guest_imported

Guest_imported

New member
Jan 1, 1970
0
Ok so I have this weird .htaccess problem. I'm sure that my override settings are correct in httpd.conf and I'm sure that .htaccess and .htpasswd are set up correctly. Now, when I go to the supposedly password protected directory it doesn't ask me for a password BUT if I click reload or click on a link to another document in the directory, it does ask me for a password.

My cache is clear so its not that either. I also tested this on several computers so I'm pretty sure its not the cache. Further research revealed that if I call up the directory as no password will be asked for but if I do a password WILL be asked for. The same goes for all the sub directories.

If anyone could shed some light on this that would be great!

Thanks
 
Sort by date Sort by votes
Whats going on is you have your web server (or someone's web server) setup to allow for indexing of directories via the browser. This means your web server allows people to via the files in that directory in index form. So simply turn that option off by the editing the httpd.conf file for the web server. You will probably have the first example which just change to the second example shown.

Options All <--- is this what you have?

Options FollowSymLinks Includes ExecCGI <--- change to something like this

The one you dont want in the &quot;Options&quot; line is &quot;Indexes&quot;. Notice also in the httpd.conf that there is a line for the following which is ok to leave uncommented.

# FancyIndexing is whether you want fancy directory indexing or standard
#
IndexOptions FancyIndexing

Hope this helps,

Maxit
 
Upvote 0 Downvote
Thanks, that was half my problem.. But if anyone else reads this and has a similar situation here was the other half of my problem, this is kinda unique so:

At our company, all the stations are on a proxy server that connects to the Internet for us, so all our connections look like their coming from a single IP address. Once one person logged into the site, every other user would no longer be asked for a password as it appeared to the server that they were from the same IP. Needless to say this initially created some weird behaviour. This dawned on me when I looked at the Apache logs and saw the same IP address all the way down after using about six different computers.

So, I tested my theory on another password protected site and found that my theory held true. If one person behind a proxy server logs onto a site, someone else behind that proxy server can also do so without a password being entered.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Krus1972
  • Locked
  • Question
Rewrite Rule for .htaccess Help
Replies
0
Views
238
Krus1972
Krus1972
TSch
  • Locked
  • Question
Problem with NFS automount
Replies
1
Views
135
iggsterman
iggsterman
tyutghf
  • Locked
  • Question
htaccess password protect website
Replies
1
Views
115
feherke
feherke
Agent0007
  • Locked
  • Question
Problem Configuring Kerberos
Replies
0
Views
164
Agent0007
Agent0007
audiopro
  • Locked
  • Question
.htaccess problem
Replies
6
Views
151
audiopro
audiopro

Part and Inventory Search

Sponsor

Back
Top