httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aram Mirzadeh <...@qosina.com>
Subject RE: WWW Form Bug Report: "access.conf - directory tags not overriding properly?" on Linux (fwd)
Date Mon, 19 Aug 1996 03:40:53 GMT

Can anyone tell what this guy is talking about? 


Howard Goff said:
> From: Howard Goff <Howard@AlaskaOne.com>
> 
> The intent is to lock out the actual root of the filesystem (as opposed to the document
root)
> and then add access back on an as needed basis to the multiple document roots we have
> on our server.
> 
> Further testing on my part has indicated the following:
> 
> <Directory />
> order	allow,deny
> deny from all
> </Directory>
> <Directory /home/user1/html>
> order	allow,deny
> allow from all
> </Directory>
> 
> yields the expected result of letting Apache server files from the /home/user1/html
> directory.  If _instead_ of "Allow From All", I use "AuthType Basic" with a .htpasswd
file
> the server cannot access files in the user's directory.
> 
> The correct response seems now to be to use _both_ "allow from all" and "Auth..."
> in the subdirectory's security.
> 
> So it seems that Auth statements will not override a "deny from all" statement.  This

> makes sense now that I know about it.  You may want to include something
> in the documentation about the order of precedence of the various security directives.
> 

-- 
Aram Mirzadeh						awm@qosina.com
MIS Manager				      Apache httpd team member
Qosina Corporation				    aram@hyperreal.com
http://www.qosina.com/			    http://www.qosina.com/~awm
PGP Key 			http://www.qosina.com/~awm/pgpkey.html
Key Sig 	      BE 49 9D F6 2A A7 22 FC  02 E9 1E 3D F7 0C 67 A0

"I've heard snappier comebacks from a bowl of Rice Krispies. 
				-- Charles Emerson Winchester III


Mime
View raw message