Apache 1.3.36 upgrade broke my scripts

**chilihost** · 05-24-2006 03:44 PM

Hi,
I have a client running an anti-password sharing/hackin script on several of his domains, this script validates a user's login details against a common .htpasswd file. I did the apache update this morning and it broke this script. It seems that the script can no longer access the .htpasswd file that is residing on a different domain.

Is this by design in the new version of Apache? Or is there a workaround? This server is hosting a single client so cross-domain scripting security is not an issue. open_basedir protection was never enabled and cPanel still shows it as being not enabled. If I remove the script and use a simple .htaccess file referencing the .htpasswd file on the other domain, it works. Its only when the sript tries to access the .htpasswd file that it does not work. I tested it and if the script references a local .htpasswd file it works.

Maybe someone can suggest where else I can look??

thanks!

**spector** · 05-24-2006 03:49 PM

check apache error_log for details...
probably its bad permissions to dirs/file where .htpasswds reside. Note that user nobody need access to this dirs/file, so I suggest chowning group to :nobody.

**chilihost** · 05-24-2006 04:02 PM

error_log shows:

couldn't open password file '/home/edited/public_html/cgi-bin/.htpasswd': Permission denied at ./routines.pl line 138.

I tried chowning the .htpasswd file to edited.nobody but that did not seem to do the trick. Its got 666 permissions right now, I don't think that would make a difference

**bin_asc** · 06-01-2006 12:16 PM

Try chmodding ./routines.pl to 755 for starters.

LinkBack

Thread Tools

Apache 1.3.36 upgrade broke my scripts

phpMyAdmin broke with 11.25 upgrade

Apache/PHP upgrade broke Gallery

/scripts/easyapache works, but I need certain modules... WHM Upgrade Apache fails :-(

phpSUEXEC broke my scripts!