Please also check the known bugs page.
AuthGroupFile
-specified group file
format allows commas between user names - Apache does not.
If you follow the NCSA guidelines for setting up access restrictions
based on client domain, you may well have added entries for,
AuthType, AuthName, AuthUserFile
or AuthGroupFile
.
None of these are needed (or appropriate) for restricting access
based on client domain.
When Apache sees AuthType
it (reasonably) assumes you
are using some authorization type based on username and password.
Please remove AuthType
, it's unnecessary even for NCSA.
AuthUserFile
requires a full pathname. In earlier
versions of NCSA httpd and Apache, you could use a filename
relative to the .htaccess file. This could be a major security hole,
as it made it trivially easy to make a ".htpass" file in the a
directory easily accessible by the world. We recommend you store
your passwords outside your document tree.
OldScriptAlias
is no longer supported.
exec cgi=""
produces reasonable malformed header
responses when used to invoke non-CGI scripts.exec cmd=""
instead.
We might add virtual
support to exec cmd
to
make up for this difference.
.asis
files: Apache 0.6.5 did not require a Status header;
it added one automatically if the .asis file contained a Location header.
0.8.14 requires a Status header.
<VirtualHost>
treats all addresses as
"optional" (i.e. the server should continue booting if it can't resolve
the address). Whereas in NCSA the default is to fail booting unless
an added optional
keyword is included.
OnDeny
use
ErrorDocument
instead.