Raymond Norton writes: > Just a quick question. I am trying to secure a directory in my > cgi-bin , but I do not get a password prompt. If I move the directory > outside of the cgi-bin it works. What is the safest way to get this > to work without moving the "wol" directory outside of cgi-bin I recommend using .htaccess whenever possible instead of putting directory specific config info into httpd.conf. You will need to enable AuthConfig in the AllowOverride directive for that path. An easy way to test that Apache is using access rules is to deny everything: Deny from all Once you have that working, you can change it to allow valid users. You need to understand how HTTP authentication works. The first time a request is made to a protected URL, the server returns an HTTP 401 Unauthorized with a WWW-Authenticate header field. Normally, this causes the browser to prompt the user for a username and password. The browser then repeats the request with credentials that the user entered. If these are incorrect, the server again responds with a 401. Pressing the cancel button on the username and password dialog usually cause the browser to display the 401 page. After successfully authenticating, most browsers will then use the same credentials for every URL on that domain during the same session, or forever if the "save password" box is checked. This can cause confusion when configuring a server, since it will appear that the server is not requiring authentication. See RFC 2617 for more info about HTTP authentication. > <Limit GET POST PUT> You probably don't want this Limit section. Remove it. -- David Phillips <david at acz.org> http://david.acz.org/ _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota http://www.mn-linux.org tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list