[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [ProgSoc] Cannot get access

To: "'James Wan'" <jywan@nospam.socs.uts.edu.au>, "'FatCat'" <helen@nospam.progsoc.uts.edu.au>
Subject: RE: [ProgSoc] Cannot get access
From: "Chris Mewett" <cmewett@nospam.progsoc.uts.edu.au>
Date: Wed, 13 May 1998 00:05:34 +1000
Cc: "'The Programmers' Society'" <progsoc@nospam.progsoc.uts.edu.au>
Importance: Normal
In-Reply-To: <Pine.SOL.3.95.980512191544.27395A-100000@nospam.charlie>
Reply-To: "Chris Mewett" <cmewett@nospam.progsoc.uts.edu.au>
Sender: owner-progsoc@nospam.progsoc.uts.edu.au

James Wan spaeth thus:
> Also, if anyone can tell me how to override the [401] error page
> so i can stick my own error page instead..
> is the file called notauth.html i create and stick it in the directory
> where .htaccess resides ?

Yes an no. Have a look at the custom errordocs information on the
http://docs.apache.org web site, or have a look what i did in
http://www.progsoc.uts.edu.au/~cmewett/errordocs for my own custom
pages, and http://www.progsoc.uts.edu.au/~cmewett/.htaccess for how it
is configured.

The no? It can't go in the same directory (If the web server is not
allowed to serve files in the directory based on incorrect
authentication, it can't give out an error document from that directory,
so it will cascade back to the default 401 page for the web server, or
possibly 500 (I think - I haven't checked how apache handles this). The
upshot is that it will have to go in a different directory, that doesn't
have access restrictions (suggestion: your public_html directory, or a
seperate directory off that).
As much as I can, I'd like to encourage anyone who has restricted files
in their html directories to create their own custom 401/403 pages, so
surfers don't hassle the www list when they can't see your pages.

gleNN! recently posted that restrictions probably can't be done per
file. This can not be done in htaccess files, so you will need to create
a different directory for each file/set of files you want restrictions
on.

The htaccess skeleton posted mentions:
> > AuthGroupFile /dev/null
I'd just like to note that this is not required for the apache web
server (which is what we're running) - it is in any documentation due to
a bug/feature in the NCSA http daemon.

A note on the error numbers you get:
401 would mean that the .htaccess file is working, but the password is
wrong, or your password file
403 means that the directory you're trying to access has incorrect file
permissions set, the htaccess file has the permissions wrong (If apache
can't read the file, it errs on the precautionary side), or that the
account has been locked.

A note on security:
Your htpasswd file does not need to be in a web accessible directory, so
it can be shoved in your home directory, where prying eyes can't find
it, the htaccess file just has to be pointing in the right place.

-- chris


------
Christopher Mewett           | http://www.progsoc.uts.edu.au/~cmewett
UTS Progsoc Web Co-ordinator |             cmewett@nospam.progsoc.uts.edu.au

--
You are subscribed to the progsoc mailing list. To unsubscribe, send a
message containing "unsubscribe" to progsoc-request@nospam.progsoc.uts.edu.au.
If you are having trouble, ask owner-progsoc@nospam.progsoc.uts.edu.au for help.

This list is archived at <http://www.progsoc.uts.edu.au/lists/progsoc/>

References:
- Re: [ProgSoc] Cannot get access
  - From: James Wan <jywan@nospam.socs.uts.edu.au>

Prev by Date: Re: [ProgSoc] SCANDISK
Next by Date: Re: [ProgSoc] SCANDISK
Prev by thread: Re: [ProgSoc] Cannot get access
Next by thread: [ProgSoc] [Fwd: A password question]
Index(es):
- Date
- Thread