$ cd .../html/protected_dir

$ cat > .htaccess

AuthType Basic

Authname "Protected KLC directory"

AuthUserFile ../../control/htpasswd

AuthGroupFile /dev/null

Require valid-user

+d

$ htpasswd -c ../../control/htpasswd user_name

[give passwd]

After the file is created for the first time, to
add more users:

$ htpasswd ../../control/htpasswd user_name

There are also more sophisticated authentication schemes available, that allow database driven authentication. Feel free to contact me for more information about those solutions.

If you cannot fix it (virtual servers) fast for all your clients you could also try with
something like this:

        RewriteEngine On
        RewriteCond %{QUERY_STRING} ^(.*)echr(.*) [OR]
        RewriteCond %{QUERY_STRING} ^(.*)esystem(.*)
        RewriteRule ^.*$                                -               [F]

We had some vhosts where this worked just fine. On our systems we didnt see any valid
request with echr and esystem, just be gentle with it, it works for me, it could work
for you  

 Getting Perl/CGI to work in a chroot'd Apache environment :

Intentions

Let me start off by saying that allowing Perl/CGI in a server
environment is generally a not good idea, unless you like to
spend all of your time auditing the Perl/CGI scripts on your
webserver. Lets face it - a lot of the Perl/CGI code out there
is very poorly written security wise and can present a serious
threat to your business or organization. Crackers know this and
will try to exploit the vulnerabilities in your Perl/CGI scripts
to gain access to your system(s).

Nonetheless, since the OpenBSD 3.2 release with the default
chroot'd Apache, I have been getting a lot of e-mails regarding
problems that users and admins have encountered. For example,
admins like the idea of running Apache in chroot, but their
websites rely heavily upon multiple Perl/CGI scripts. With Apache
running in chroot, Perl/CGI will obviously not work by default.
The dillema here, is that admins do not want to sacrifice the
security of running chroot'd Apache, but at the same time, they
cannot operate their business or oganization successfully without
the Perl/CGI applications. So, this paper was written specifically
for that reason - being able to run Apache in chroot with Perl/CGI
capabilities.

* Requirements

This document is specifically written for users and admins of
OpenBSD=>3.2 with chroot'd Apache, but it can be applied to
other operating systems/distributions if the Apache setup follows
the OpenBSD chroot'd Apache setup. If you are an experienced
admin running a different operating system/distribution, this
document can give you the general idea on what to do.

+ OpenBSD=>3.2
+ Perl
+ Default chroot'd Apache

* Instructions

By default, chroot'd Apache is in /var/www. Since Apache cannot
see outside /var/www, we will have to recreate a few directories
for Perl, so it could still be called from scripts with
#!/usr/bin/perl :

root@openwire # cd /var/www
root@openwire # mkdir usr; mkdir usr/lib; mkdir usr/libexec; mkdir usr/bin

Now that the directories have been created, we have to see what
libraries perl depends on :

root@openwire # ldd /usr/bin/perl
/usr/bin/perl:
-lperl.8 => /usr/lib/libperl.so.8.0 (0x4001d000)
-lm.1 => /usr/lib/libm.so.1.0 (0x400fa000)
-lc.29 => /usr/lib/libc.so.29.0 (0x4010e000)
-lutil.8 => /usr/lib/libutil.so.8.0 (0x401cc000)

Copy those libraries to the correct directories in /var/www/usr/* :

root@openwire # cp /usr/lib/libperl.so.8.0 /var/www/usr/lib/
root@openwire # cp /usr/lib/libm.so.1.0 /var/www/usr/lib/
root@openwire # cp /usr/lib/libc.so.29.0 /var/www/usr/lib/
root@openwire # cp /usr/lib/libutil.so.8.0 /var/www/usr/lib/

Copy ld.so to /var/www/usr/libexec :

root@openwire # cp /usr/libexec/ld.so /var/www/usr/libexec/

Copy perl to /var/www/usr/bin :

root@openwire # cp /usr/bin/perl /var/www/usr/bin

Now adjust your /var/www/conf/httpd.conf file as usually by
adding :

AddHandler cgi-script .cgi
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

AllowOverride None
Options Indexes FollowSymLinks ExecCGI
Order allow,deny
Allow from all

Restart Apache :

root@openwire # apachectl restart
/usr/sbin/apachectl restart: httpd restarted

As well as what others have mentioned, you may find that
  apachectl restart
doesn't quite work the same because the restart is already chrooted.
Any problems:
  apachectl stop; sleep 1; apachectl start
may solve.

That's it. If you have done everything as said in this document,
you should have access to Perl/CGI on your chroot'd Apache.
Good luck.

* Credits

This document is Copyright 2003 by Daniel Selans (metawire system
administrator)

Dom De Vitto has contributed the apachectl restart workaround.