httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From (Dean Gaudet)
Subject Re: WWW Form Bug Report: "access.conf - directory tags not overriding properly?" on Linux (fwd)
Date Mon, 19 Aug 1996 04:26:44 GMT
In article <>,
Aram Mirzadeh  <> wrote:
>Can anyone tell what this guy is talking about? 

He's complaining about the overide nature of the configuration files...
similar to the whining I've been doing a few times.  i.e. it's not
clear that directives belonging to a module are overridden as a group,
and don't affect other modules.


>Howard Goff said:
>> From: Howard Goff <>
>> The intent is to lock out the actual root of the filesystem (as opposed to the document
>> and then add access back on an as needed basis to the multiple document roots we
>> on our server.
>> Further testing on my part has indicated the following:
>> <Directory />
>> order	allow,deny
>> deny from all
>> </Directory>
>> <Directory /home/user1/html>
>> order	allow,deny
>> allow from all
>> </Directory>
>> yields the expected result of letting Apache server files from the /home/user1/html
>> directory.  If _instead_ of "Allow From All", I use "AuthType Basic" with a .htpasswd
>> the server cannot access files in the user's directory.
>> The correct response seems now to be to use _both_ "allow from all" and "Auth..."
>> in the subdirectory's security.
>> So it seems that Auth statements will not override a "deny from all" statement. 
>> makes sense now that I know about it.  You may want to include something
>> in the documentation about the order of precedence of the various security directives.
>Aram Mirzadeh
>MIS Manager				      Apache httpd team member
>Qosina Corporation
>PGP Key
>Key Sig 	      BE 49 9D F6 2A A7 22 FC  02 E9 1E 3D F7 0C 67 A0
>"I've heard snappier comebacks from a bowl of Rice Krispies. 
>				-- Charles Emerson Winchester III

View raw message