httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aram Mirzadeh <>
Subject RE: WWW Form Bug Report: "access.conf - directory tags not overriding properly?" on Linux (fwd)
Date Mon, 19 Aug 1996 03:40:53 GMT

Can anyone tell what this guy is talking about? 

Howard Goff said:
> From: Howard Goff <>
> The intent is to lock out the actual root of the filesystem (as opposed to the document
> and then add access back on an as needed basis to the multiple document roots we have
> on our server.
> Further testing on my part has indicated the following:
> <Directory />
> order	allow,deny
> deny from all
> </Directory>
> <Directory /home/user1/html>
> order	allow,deny
> allow from all
> </Directory>
> yields the expected result of letting Apache server files from the /home/user1/html
> directory.  If _instead_ of "Allow From All", I use "AuthType Basic" with a .htpasswd
> the server cannot access files in the user's directory.
> The correct response seems now to be to use _both_ "allow from all" and "Auth..."
> in the subdirectory's security.
> So it seems that Auth statements will not override a "deny from all" statement.  This

> makes sense now that I know about it.  You may want to include something
> in the documentation about the order of precedence of the various security directives.

Aram Mirzadeh
MIS Manager				      Apache httpd team member
Qosina Corporation
Key Sig 	      BE 49 9D F6 2A A7 22 FC  02 E9 1E 3D F7 0C 67 A0

"I've heard snappier comebacks from a bowl of Rice Krispies. 
				-- Charles Emerson Winchester III

View raw message