Please also check the known bugs page.
AuthGroupFile
-specified group file format allows commas between user names - Apache does not.If you follow the NCSA guidelines for setting up access restrictions based on client domain, you may well have added entries for, AuthType, AuthName, AuthUserFile
or AuthGroupFile
. None of these are needed (or appropriate) for restricting access based on client domain.
When Apache sees AuthType
it (reasonably) assumes you are using some authorization type based on username and password.
Please remove AuthType
, it's unnecessary even for NCSA.
AuthUserFile
requires a full pathname. In earlier versions of NCSA httpd and Apache, you could use a filename relative to the .htaccess file. This could be a major security hole, as it made it trivially easy to make a ".htpass" file in the a directory easily accessible by the world. We recommend you store your passwords outside your document tree.
OldScriptAlias
is no longer supported.
exec cgi=""
produces reasonable malformed header responses when used to invoke non-CGI scripts.exec cmd=""
instead.
We might add virtual
support to exec cmd
to make up for this difference.
.asis
files: Apache 0.6.5 did not require a Status header; it added one automatically if the .asis file contained a Location header. 0.8.14 requires a Status header.
<VirtualHost>
treats all addresses as "optional" (i.e. the server should continue booting if it can't resolve the address). Whereas in NCSA the default is to fail booting unless an added optional
keyword is included.OnDeny
use ErrorDocument
instead.