httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject RE: <Location /> && <Directory /> combined?
Date Sun, 17 Sep 2000 12:41:41 GMT
Still no good...

No, <Directory e:/> isn't the issue, since this is the
tree with the Win32/OS2/NW <Directory /> patch applied...

but for kicks I repeated on the binary test distribution of
1.3.13-dev tree from a month or so ago, this time with
<Directory e:/> rather than <Directory />, and...

nothing happened.  That is, GET is allowed through.  I would
have expected that <Location /> set no Require on GET, so
it should have fallen through to <Directory [e:]/> (whichever)
and it clearly does not.  I even switched over to Digest using
mod_auth_digest, and still the same effect.

In a nutshell...

  <Location />
    <LimitExcept GET PUT POST OPTIONS>
       Require something
    </LimitExcept>
  </Location>

will completely override

  <Directory />
    Require something
  </Directory>

Is this the expected behavior?  I ask, especially since Greg's
docs for mod_dav suggest the <Location /> using <LimitExcept>
is the easiest way of quickly securing current and future
(unknown) request types.  I simply expected GET, PUT, POST and
OPTIONS to fall back on the other sections e.g. <Directory>, etc.

Bill



> -----Original Message-----
> From: lars@hyperreal.org [mailto:lars@hyperreal.org]
> Sent: Sunday, September 17, 2000 5:49 AM
> To: new-httpd@apache.org
> Subject: RE: <Location /> && <Directory /> combined?
> 
> 
> According to William A. Rowe, Jr.:
> 
> >  Here is the lethal combination:
> >  
> >  <Directory />
> >      Options Indexes Includes FollowSymLinks
> >      AllowOverride None
> >      AuthType Basic
> >      AuthName Local
> >      AuthUserFile c:/apache/.htpasswd
> >      Require user admin
> >  </Directory>
> >  
> >  <Location />
> >      AuthType Basic
> >      AuthName DAV
> >      AuthUserFile c:/apache/.htpasswd
> >      <LimitExcept GET HEAD POST>
> >          Require user admin
> >      </LimitExcept>
> >  </Location>
> >  
> >  <VirtualHost *>
> >      DocumentRoot "e:/"
> >      ServerName localhost
> >  </VirtualHost>
> 
> Maybe I misunderstand your problem, but try using
> <Directory "e:/">.
> 
> 
> ciao...
> -- 
> Lars Eilebrecht                    - Who is General Failure...
> lars@hyperreal.org              - and why is he reading my disk?
> 
> 

Mime
View raw message