Forum Moderators: phranque
i run apache2 on my own win2000 machine.
1 my homepage document is /apache2/htdocs/index.html.
2 on homepage i make a link to my forum welcome page which is /apach2/htdocs/forums/index.php.
3 my .htaccess file is put in directory /apache2/htdocs/forums/ and is written as below:
----------------
AuthUserFile "c:/apache group/apach2/cgi-bin/hellopass"
AuthGroupFile /dev/null
AuthName "Invited only"
AuthType Basic
<LIMIT GET POST>
require valid-user
</LIMIT>
ErrorDocument 401 /index.html
------------------
my question being:
obviously, i want unauthorized user to return my homepage when he supplied a wrong password. but my trouble is: when unauthorized user is 'redirected' there he can not download the homepage correctly.only part of plain text content is gotten and other content like *.gif, *.jpg files is ignored! what's wrong with my configuration and how should i do to meet my end?
p.s. if the line " ErrorDocument 401 /index.html" is removed from .htaccess, thing seems totally correct.
sorry for my poor english and thanks for anyone's reply!
my site url
[mysite.com...]
my forum url
[mysite.com...]
The following modification will limit access to .html files only, and thus allow the visitor's browser to fetch the images:
<FilesMatch "\.html$">
<Limit GET POST>
require valid-user
</Limit>
</FilesMatch>
Jim
below are testing results:
1 if .htaccess file reads as this
-----------------
AuthUserFile "c:/apache group/apache2/cgi-bin/hellopass"
AuthGroupFile /dev/null
AuthName "Invited only"
AuthType Basic
<LIMIT GET POST>
require valid-user
</LIMIT>
ErrorDocument 401 /index.html
-----------------
put [mysite.com...] in my browser url address bar, then get site homepage and i can see in browser url address bar:
[mysite.com...]
that's no problem.
the next step, press "enter" button on site homepage which links to my forum homepage, then pops up a pop-up which requires username and password. click "cancel" on the pop-up, pop-up pops up again, "cancel" again(totally twice "cancel"), then i get a page similar to my site homepage just without any image(the "enter" button is reserved and no other text content too). it is important that i can see in browser url address bar:
[mysite.com...]
not
[mysite.com...]
continue.
press "enter" button on the "incorrect" site homepage. pop-up pops up twice again and i "cancel" twice too. i can see in browser url address bar:
[mysite.com...]
try clicking "back" button on my browser. pop-up pops up again and again and i "cancel" again and again till no pop-up pops up. i can see in browser url address bar:
[mysite.com...]
and get forum homepage just without image files(can see all text content which my forum homepage contains this time)
2 if .htaccess file reads as this
--------------------
AuthUserFile "c:/apache group/apache2/cgi-bin/hellopass"
AuthGroupFile /dev/null
AuthName "Invited only"
AuthType Basic
<FilesMatch "\.html$">
<LIMIT GET POST>
require valid-user
</LIMIT>
</FilesMatch>
ErrorDocument 401 /index.html
---------------------
put [mysite.com...] in my browser url address bar, then get site homepage and i can see in browser url address bar:
[mysite.com...]
that's no problem
the next step, press "enter" button on site homepage which links to my forum homepage, then pops up a pop-up which requires username and password. click "cancel" on the pop-up, NO POP-UP POPS UP AGAIN THIS TIME(THAT'S TO SAY I ONLY "CANCEL" ONCE) and get a page similar to my site homepage just without any image(the "enter" button is reserved and no other text content too). it is important that i can see in browser url address bar: [mysite.com...]
not
[mysite.com...]
continue.
press "enter" button on the "incorrect" site homepage. THIS TIME NO POP-UP POPS UP AND I GET A PAGE WHICH SAYS 404 ERROR. i can see in browser url address bar:
[mysite.com...]
try clicking "back" button on my browser.OH, MY GOD! I GET MY FORUM HOMEPAGE TOTALLY CORRECT WITH NO POP-UP WHICH REQUIRES A USERNAME AND A PASSWORD AS IF I HAD SUPPLIED CORRECT USERNAME AND PASSWORD.
sorry jim, this is not what i want(but thanks anyway for your kind help)
now i'm still in trouble with this question and look forward to any help from anyone.
thanks in advance!
again, thanks jim!
OK, I think I see the problem...
Because the browser address bar is not updating after the 401, all image references by index.php are being requested relative to the /forums subdirectory.
Here's one suggestion that should work, if you implement it this way, or in any similare way:
In /forums/.htaccess, change your Limit directive to:
<Files *>
<Limit GET POST>
Require valid-user
</Limit>
</Files>
Then change the Errordocument directive slightly:
ErrorDocument 401 /needpw.html
Next, create a simple .html page "needpw.html" in your web root (home page) directory, with a normal page <head> section. The body can be empty.
Add a meta-refresh to the <head> section of this new page:
<meta http-equiv="Refresh" content="1;URL=http://www.yourdomain.com/">
This will force a 302 redirect to the canonical URL of your site, and remove the strange problem of missing images and incorrect address bar URL.
Rather than creating the needpw.html meta-refresh page, you could also use a RedirectMatch directive or a mod_rewrite rule to do a 301 or 302 redirect from /needpw.html to "/" -- whichever makes you more comfortable.
You will have to make sure that no other redirects or directives in your .htaccess files (including the one in your home directory) will interfere with these directives.
I hope that helps,
Jim
w3web
