Apache 1.3.36 upgrade broke my scripts

chilihost

Well-Known Member
Mar 1, 2005
72
0
156
Hi,
I have a client running an anti-password sharing/hackin script on several of his domains, this script validates a user's login details against a common .htpasswd file. I did the apache update this morning and it broke this script. It seems that the script can no longer access the .htpasswd file that is residing on a different domain.

Is this by design in the new version of Apache? Or is there a workaround? This server is hosting a single client so cross-domain scripting security is not an issue. open_basedir protection was never enabled and cPanel still shows it as being not enabled. If I remove the script and use a simple .htaccess file referencing the .htpasswd file on the other domain, it works. Its only when the sript tries to access the .htpasswd file that it does not work. I tested it and if the script references a local .htpasswd file it works.

Maybe someone can suggest where else I can look??

thanks!
 

spector

Well-Known Member
Jun 27, 2005
51
0
156
check apache error_log for details...
probably its bad permissions to dirs/file where .htpasswds reside. Note that user nobody need access to this dirs/file, so I suggest chowning group to :nobody.
 

chilihost

Well-Known Member
Mar 1, 2005
72
0
156
error_log shows:

couldn't open password file '/home/edited/public_html/cgi-bin/.htpasswd': Permission denied at ./routines.pl line 138.

I tried chowning the .htpasswd file to edited.nobody but that did not seem to do the trick. Its got 666 permissions right now, I don't think that would make a difference