The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Apache 1.3.36 upgrade broke my scripts

Discussion in 'EasyApache' started by chilihost, May 24, 2006.

  1. chilihost

    chilihost Well-Known Member

    Joined:
    Mar 1, 2005
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    6
    Hi,
    I have a client running an anti-password sharing/hackin script on several of his domains, this script validates a user's login details against a common .htpasswd file. I did the apache update this morning and it broke this script. It seems that the script can no longer access the .htpasswd file that is residing on a different domain.

    Is this by design in the new version of Apache? Or is there a workaround? This server is hosting a single client so cross-domain scripting security is not an issue. open_basedir protection was never enabled and cPanel still shows it as being not enabled. If I remove the script and use a simple .htaccess file referencing the .htpasswd file on the other domain, it works. Its only when the sript tries to access the .htpasswd file that it does not work. I tested it and if the script references a local .htpasswd file it works.

    Maybe someone can suggest where else I can look??

    thanks!
     
  2. spector

    spector Well-Known Member

    Joined:
    Jun 27, 2005
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    6
    check apache error_log for details...
    probably its bad permissions to dirs/file where .htpasswds reside. Note that user nobody need access to this dirs/file, so I suggest chowning group to :nobody.
     
  3. chilihost

    chilihost Well-Known Member

    Joined:
    Mar 1, 2005
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    6
    error_log shows:

    couldn't open password file '/home/edited/public_html/cgi-bin/.htpasswd': Permission denied at ./routines.pl line 138.

    I tried chowning the .htpasswd file to edited.nobody but that did not seem to do the trick. Its got 666 permissions right now, I don't think that would make a difference
     
  4. bin_asc

    bin_asc Well-Known Member

    Joined:
    Jul 18, 2005
    Messages:
    280
    Likes Received:
    0
    Trophy Points:
    16
    Try chmodding ./routines.pl to 755 for starters.
     
Loading...

Share This Page