I'm not sure if this is the correct forum for this thread; if it is not, my apologies.
Concerningly enough, IE7 seems to bypass .htaccess somehow on Apache. The user is still presented with a username/password prompt, but canceling this will allow them to browse a good deal of the website's content. Just from visually observing the process, it seems as if webpage content is downloaded until the prompt is generated.
When browsing in Firefox (and, as far as I can remember, IE6), Apache behaves appropriately; but, of course, in server-side security, one has to assume the user will take advantage of any flaws.
Has this always been a problem in Apache, or has this problem newly emerged with IE7? Is there some mistake I'm making with regard to security?
For reference, here's an edited version of the .htaccess file in question:
Code:
AuthName "Who goes there?"
AuthType Basic
AuthUserFile [absolute location of .htpasswd file]
AuthGroupFile /dev/null
<Limit GET POST>
require user [username]
</Limit>
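
A configuration check for the file posted above, as an added example that is not part of the original post: Apache applies access directives placed inside `<Limit>` only to the methods listed there, so this sketch flags any such directive. The function name `audit_htaccess` and the directive list are assumptions of the example, and it does not address the browser behaviour described in the post.

```python
import re

# Constructed sample: the .htaccess from the post, placeholders kept as posted.
POSTED_HTACCESS = """\
AuthName "Who goes there?"
AuthType Basic
AuthUserFile [absolute location of .htpasswd file]
AuthGroupFile /dev/null
<Limit GET POST>
require user [username]
</Limit>
"""

OPEN = re.compile(r"<\s*(Limit|LimitExcept)\s+([^>]*)>", re.I)
CLOSE = re.compile(r"</\s*(Limit|LimitExcept)\s*>", re.I)
# Access-control directives whose scope is narrowed by an enclosing section.
ACCESS = re.compile(r"(require|allow|deny|order|satisfy)\b", re.I)


def audit_htaccess(text):
    """Return (line_no, message) for access rules scoped by <Limit>/<LimitExcept>."""
    findings = []
    scope = None  # (kind, methods) while inside a method-scoped section
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = OPEN.match(line)
        if opened:
            scope = (opened.group(1).lower(), opened.group(2).upper().split())
        elif CLOSE.match(line):
            scope = None
        elif scope and ACCESS.match(line):
            kind, methods = scope
            listed = " ".join(methods)
            if kind == "limit":
                why = f"applies only to {listed}; other HTTP methods are not covered"
            else:
                why = f"does not apply to {listed}; those methods are not covered"
            findings.append((no, f"'{line}' {why}"))
    return findings


if __name__ == "__main__":
    for line_no, message in audit_htaccess(POSTED_HTACCESS):
        print(f"line {line_no}: {message}")
```

A file in which `require` sits outside any `<Limit>` section produces no findings, because the rule then covers every request method.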