Protect cgi-bin directory using .htaccess

cccc · 12-07-2009, 01:05 PM

hi

Howto protect a cgi-bin sub-directory using .htaccess on Etch with Apache 2.2.3-4?
I've tried in .htaccess:

Code:

AuthUserFile /var/pw/.htpasswd

  AuthGroupFile /dev/null
  AuthName "Password Required"
  AuthType Basic

  require user mysecretuser

but I'm getting Internal Server Error.

bathory · 12-07-2009, 01:24 PM

Hi,

You need to also edit httpd.conf and use something like:

Code:

<Directory "/path/to/apache/cgi-bin">
deny from all
AllowOverride AuthConfig
Order allow,deny
</Directory>

cccc · 12-07-2009, 02:26 PM

Quote:

Originally Posted by bathory

Hi,

You need to also edit httpd.conf and use something like:

Code:

<Directory "/path/to/apache/cgi-bin">
deny from all
AllowOverride AuthConfig
Order allow,deny
</Directory>

I changed how you suggested, but now I'm getting the following message:

Forbidden
You don't have permission to access /cgi-bin/formmail/fpm.cgi on this server.

bathory · 12-07-2009, 04:36 PM

Were you prompted to give username/password?
Can apache user read the password file (/var/pw/.htpasswd)?
What do the logs say?

cccc · 12-07-2009, 06:16 PM

THX, I've created .htpasswd again using:

# htpasswd -c /var/pw/.htpasswd mysecretuser

restarted the server and now it seems to work.