I have Apache setup on Ubuntu 9.10 using apt-get,
sudo /usr/sbin/apache2 \-version Server version: Apache/2.2.12 (Ubuntu)
I believe I may have run into a bug with the directive AllowOverride Indexes. This is supposed to allow me to specify Indexes in the .htaccess but does not work. If you know the answer please let me know at tinmanemail-posts@yahoo.ca
Here is a simplified configuration of my setup. If you require more detail please look at my full article on Creating Online Shares.
<VirtualHost *:80> ServerAdmin webmaster@localhost ServerName www.krypton.com ServerAlias www.krypton.com DocumentRoot /home/www.krypton.com/www # This restrictive a precedence for ALL directory blocks. <Directory /> Options FollowSymLinks # This prevents use of .htaccess AllowOverride None </Directory> # Main location of static content for the websites. <Directory /home/www.krypton.com/www/> Options +MultiViews Order Allow,Deny Allow from all </Directory> Alias /shared.private "/home/www.krypton.com/shared.private" <Directory /home/www.krypton.com/shared.private> # Allow website admin to use .htaccess - http://httpd.apache.org/docs/2.2/mod/core.html, # AuthConfig - Authentication # Indexes - Makes directory browseable # Specifically Indexes does NOT work and may be a bug with Ubuntu or Apache. AllowOverride AuthConfig Indexes # This DOES allow Indexes to work but I want things to be more secure. #AllowOverride All </Directory> ErrorLog /var/log/apache2/www.krypton.com.error.log # Possible values include: debug, info, notice, warn, error, crit, alert, emerg. LogLevel debug CustomLog /var/log/apache2/www.krypton.com.access.log combined </VirtualHost>
Here are the contents of /home/www.krypton.com/shared.private/.htaccess,
# Enables directory listing BUT does not appear to work with AllowOverride Indexes Options +Indexes # Enable authentication, see http://httpd.apache.org/docs/2.0/howto/auth.html AuthType Basic AuthName "Password Required" AuthUserFile /home/www.tin.homeip.net/keys/tinpham-www.tin.homeip.net.shared.private Require valid-user
The strange thing is that if I comment out in .htaccess Options + Indexes, the authentication directives work fine. This is the exact example given in the Apache Docs.
Here are the error logs again when running LogLevel debug.
64.229.193.132 - - [17/Feb/2010:11:43:02 -0500] "GET /shared.private/ HTTP/1.1" 500 640 "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0)"
[Wed Feb 17 11:43:02 2010] [alert] [client 64.229.193.132] /home/www.krypton.com/shared.private/.htaccess: Options not allowed here [Wed Feb 17 11:43:02 2010] [debug] mod_deflate.c(615): [client 64.229.193.132] Zlib: Compressed 623 to 383 : URL /shared.private/
Use Case Indexes by Itself Fails
I also used a simplified use case where the httpd.conf only contains,
AllowOverride AuthConfig Indexes
and the .htaccess only contains,
Options +Indexes
And the result is the same error.