Access Problem !!!

Hello,

We have created a directory and we have protected it with an htaccess / htpasswd files.

Everything work fine :

http://www.lawrent.com/test/test.htm

But if you try to access this page from the public_html there is no more protection

http://65.110.36.145/~lawrentc/test/test.htm

We’ve made a lot of tests and it is true for all accounts

Do we have to enable something in the /etc/httpd/conf/httpd.conf file ?

UserDir public_html

Control access to UserDir directories. The following is an example

for a site where these directories are restricted to read-only.

#<Directory /home/*/public_html>

AllowOverride FileInfo AuthConfig Limit Indexes

Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec

<Limit GET POST OPTIONS PROPFIND>

Order allow,deny

Allow from all

</Limit>

<LimitExcept GET POST OPTIONS PROPFIND>

Order deny,allow

Deny from all

</LimitExcept>

#</Directory>

Thanks a ton for your help

Pascal

we’ve updated the /etc/httpd/conf/httpd.conf file and now it seems to be ok

UserDir public_html

Control access to UserDir directories. The following is an example

for a site where these directories are restricted to read-only.

<Directory /home/*/public_html>
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
</Directory>

But is it enough ? is it ok ?

Pascal

in fact we changed this to enter exactly the same data than a normal /conf.d/domaine.tld.conf

<Directory /home/*/public_html>
AllowOverride AuthConfig FileInfo Limit Indexes
</Directory>

Should it be better to have this <Directory /home/*/public_html> directive setup by domain/virtualhost basis rather than for all ?

I think it should be better to add in /etc/httpd/conf.d/domain.tld.conf this ddirective

Interworx should create it by default, with the same Allowoveride than the virtualhost itself

Pascal

I’m not sure why you are having that problem with the different URLs, but you may want to add something like this to your .htaccess file.

# Change to the preferred domain
RewriteEngine On
RewriteCond %{HTTP_HOST} !^65\.110\.36\.145/~lawrentc
RewriteRule ^(.*)$ http://www.lawrent.com/$1 [R=301,L]

it’s normal. When you access to the domain without using the domain.tld but the user_dir, the virtualhost config file taken in account is not this of the domain.
In fact what is taken in account is the <directory /home/*/public_html> in the httpd.conf file

so if you do not edit the <directory /home/*/public_html> in the httpd.conf file it may have a lot of security pbm as no restriction acces with htaccess and htpasswd files.

I’ll write an other post on this subject as there is others pbms

Pascal