I have used the .htaccess method to password protect a folder for a /public_html/ site...but its also a virtual host, and if I go to the .com address, the folder is accessable, how do I protect a virtual host folder?

Thanks

Hi Chris, I am afraid I don't understand your problem since I am also on a virtual host but have never encountered a problem like this.

Tell me about your server, that will help...

__________________
J de Silva
Learning Journal | GIDForums™ | GIDNetwork™ | GIDWebhosts™ | GIDSearch™

Server is running FreeBSD 4.6 with Apache 2.0.

The problem is basically this:

I set up a .htaccess file for a user who requested a password protected folder. I could go to her user site address.. (i.e. www.domain.com) and it worked fine. but her virtual domain address still allowed access to the folder. I actually just figured out the problem though. I had to set the allowoverride statement inside her virtual host statement. (also had a link established from a virtual hosts folder to her home directory, I removed that and pointed the document root to her home directory.)

Its working great after those changes.

yes, that <Directory></Directory> virtual host setting is something a lot of us forget about, I know I did.

I guessed it would have been the AllowOveride directive but that 'link established from a virtual hosts folder to her home directory' still has me confused, care to share what you found out?

__________________
J de Silva
Learning Journal | GIDForums™ | GIDNetwork™ | GIDWebhosts™ | GIDSearch™

Well all that was for was do to the way we have our users set up. our users home directory is all in regards to what kind of account they have. a standard user has a directory of home/standard. now if they switch to a business acount, it is changed to /home/biz. So we established a folder of /usr/local/www/vdom and put links in there that point to the users home directory. And the httpd.conf file just points to the link. SO, when a user changes the account, all we have to do is change the link. To me, its just a needless step, but I walked into this, as it was done that we before I arrived. Whenever I set them up I just point it to the users directory, ignoring the link....

You should never use simlinks in web addresses anyways always use either hard links or better yet point to vdomain to the actual directory it is alot more secure.