Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 19 Jul 2000 19:04:29 -0400 (EDT)
From:      "Philip M. Gollucci" <gollucci@wam.umd.edu>
To:        ASe User <menzies1@airmail.net>
Cc:        "'freebsd-questions@FreeBSD.ORG'" <freebsd-questions@FreeBSD.ORG>
Subject:   Re: SSL and .htaccess
Message-ID:  <Pine.GSO.4.21.0007191903580.28521-100000@rac10.wam.umd.edu>
In-Reply-To: <01BFF1A7.AA6D8580.menzies1@airmail.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
Don't put the .htpasswd file in webspace.  Only put the .htaccess and
.htgroup in webspace.  



*****************************************************************************
Philip M. Gollucci
E-mail      : gollucci@wam.umd.edu
	      Philip@p6m7g8.com
Phone       : 301.249.6261
Major       : Computer Science
	      Electrical Engineering
Current Job : Co Science, Discovery, & the Universe Webmaster
*****************************************************************************


On Wed, 19 Jul 2000, ASe User wrote:

> Hi,
> I have purchased space from an ISP on a FreeBSD 3.2 shell.  I'm trying to 
> set up a web site that has certain directories available only to certain 
> people.  .htaccess worked very well, and I have all the security in place. 
>  Then I implemented SSL.  Now I seem to have no security at all as long as 
> I use SSL.  For instance, if I request 
> http://www.advsysedu.com/private/password/.htpasswd I get security.  If I 
> request the same page with SSL 
> https://air12.airweb.net/advsysed/private/password/.htpasswd I get a 
> listing of the password file on my browser.  Is there something I can do 
> within htaccess to secure SSL?  For instance, I am currently using <Limit> 
> GET POST PUT HEAD </Limit> in my .htaccess file. Is there another I can add 
> for SSL? Is there something like SSLDenySSL for FreeBSD?  If so, how do I 
> use it?
> 
> Thanks for any help you can give me.
> Regards,
> Wes Menzies
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.21.0007191903580.28521-100000>