Still no good...
No, <Directory e:/> isn't the issue, since this is the
tree with the Win32/OS2/NW <Directory /> patch applied...
but for kicks I repeated on the binary test distribution of
1.3.13-dev tree from a month or so ago, this time with
<Directory e:/> rather than <Directory />, and...
nothing happened. That is, GET is allowed through. I would
have expected that <Location /> set no Require on GET, so
it should have fallen through to <Directory [e:]/> (whichever)
and it clearly does not. I even switched over to Digest using
mod_auth_digest, and still the same effect.
In a nutshell...
<Location />
<LimitExcept GET PUT POST OPTIONS>
Require something
</LimitExcept>
</Location>
will completely override
<Directory />
Require something
</Directory>
Is this the expected behavior? I ask, especially since Greg's
docs for mod_dav suggest the <Location /> using <LimitExcept>
is the easiest way of quickly securing current and future
(unknown) request types. I simply expected GET, PUT, POST and
OPTIONS to fall back on the other sections e.g. <Directory>, etc.
Bill
> -----Original Message-----
> From: lars@hyperreal.org [mailto:lars@hyperreal.org]
> Sent: Sunday, September 17, 2000 5:49 AM
> To: new-httpd@apache.org
> Subject: RE: <Location /> && <Directory /> combined?
>
>
> According to William A. Rowe, Jr.:
>
> > Here is the lethal combination:
> >
> > <Directory />
> > Options Indexes Includes FollowSymLinks
> > AllowOverride None
> > AuthType Basic
> > AuthName Local
> > AuthUserFile c:/apache/.htpasswd
> > Require user admin
> > </Directory>
> >
> > <Location />
> > AuthType Basic
> > AuthName DAV
> > AuthUserFile c:/apache/.htpasswd
> > <LimitExcept GET HEAD POST>
> > Require user admin
> > </LimitExcept>
> > </Location>
> >
> > <VirtualHost *>
> > DocumentRoot "e:/"
> > ServerName localhost
> > </VirtualHost>
>
> Maybe I misunderstand your problem, but try using
> <Directory "e:/">.
>
>
> ciao...
> --
> Lars Eilebrecht - Who is General Failure...
> lars@hyperreal.org - and why is he reading my disk?
>
>
|