Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 07 Dec 1995 17:14:39 -0500
From:      Charles Owens <owensc@enc.edu>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: problem with .htaccess and apache (uh-oh**)
Message-ID:  <30C7674F.2781E494@enc.edu>
References:  <30C74676.41C67EA6@enc.edu>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Charles Owens wrote:
> 
> Hi,
> I'm running apache v1.0 on an AIX 3.2.5 box and have noticed some bad
> behaviour in terms of my .htaccess files.  Basicly, I can almost always
> get around the restriction!!!!!!!
> 
> An example - here's my .htaccess file, let's say from the
> directory /www/foo
> 
>   AuthUserFile /otherdir/.htpasswd
>   AuthGroupFile /dev/null
>   AuthName FooPages
>   AuthType Basic
> 
>   <Limit GET POST>
>   require valid-user
>   </Limit>
> 
> In /otherdir I have the required .htpasswd file.  If, with my
> browser, I try to access /www/foo (http://www.foo.net/www/foo) then
> I'm presented with the expected authentification dialog box.  If I enter
> the correct name and password I'm allowed access.  But let's assume that
> I instead hit cancel.  I'm presented with a page that says I'm not
> authorized.  Fine.  Now, I hit the browser's BACK button, and then, on a
> whim, I hit the FORWARD button.  Guess what?  I'm suddenly presented
> with the restricted page!!!!!!!  If I click on a link in this page I can
> get to it with the same steps:  Cancel, Back, Forward.
> 
> This doesn't seem right.  What am I doing wrong?
> 
> Just in case it matters (which it better not) I'm using Netscape 2.0b3
> on a FreeBSD 2.1-stable system.

WOW!!!! I just tried to reproduce this behaviour using Netscape 1.1N on
Windows 3.11 box and COULDN'T!!!

And... I downloaded the Windows3.1 version of 2.0b3 and it also wouldn't do
it.  So, it would seem that the problem lies with the Unix verion of 2.0b3
I'm using (actually the BSDI 1.1 binary).

So, if in fact I've setup my .htaccess file correctly (see above) then this
implies that the .htaccess scheme may be compromised by some fluke (feature? :-)
in the implementation of the browser.  This seems, to me, VERY
DISCONCERTING!!!!!

Comments?
---
-------------------------------------------------------------------------
  Charles Owens					 Email:  owensc@enc.edu
                                       "I read somewhere to learn is to
  Information Technology Services     remember... and I've learned that
  Eastern Nazarene College            we've all forgot..."   - King's X
-------------------------------------------------------------------------



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?30C7674F.2781E494>