httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Owen Boyle <>
Subject Re: Help with access control (.htaccess)
Date Thu, 20 Dec 2001 13:57:12 GMT
"J.D. Bronson" wrote:
> I am seeking a few hints on what I am doing wrong.
> I am trying to setup apache 1.3.22 to limit access as follows:
> 1. access MUST be from a specified IP range
> 2. user MUST use name/passwd
> Both conditions above must be met for access.
> If there is a request from an IP that is not in the allow range,
> I dont want a name/passwd to override this.
> Here is what I did:
> [http.conf]
> DocumentRoot "/var/www/users"
> <Directory />
> Order Deny,Allow
> Deny from All
> Allow from
>      Options FollowSymLinks
>      AllowOverride AuthConfig
> </Directory>
> <Directory /test>
> Order Deny,Allow
> Deny from all
> Allow from
>     Options FollowSymLinks
>      AllowOverride AuthConfig
> </Directory>
> ------------------------------------
> then I added .htaccess in the following dirs:
> /var/www/users
> /var/www/test
> [.htaccess]
> AuthName "Restriced Access"
>    AuthType Basic
>    AuthUserFile /usr/local/etc/users
>    require valid-user
> Satisfy All
> ...I can seem to make this work one way or the other, but not both.
> With the above configuration, an IP from receives the following:
> HTTP 403 forbidden
> and the relevant log entry shows:
> [Thu Dec 20 07:32:51 2001] [error] [client] client denied by
> server configuration: /var/www/users
> so....I have read the newsgroups and like the idea of 'ditching' the
> .htaccess file and setting this up in httpd.conf
> (since all the dirs and files would require the same level of security)

You're nearly there - just a slight misunderstanding on the relationship
between DocumentRoot and <Directory>.

I get the impression you think the Directory argument is *relative* to
the DocumentRoot. It's not - it is *absolute*, i.e. it needs a full path
relative to the filesystem. If you put:

DocumentRoot "/var/www/users"
<Directory /var/www/users>
<Directory /var/www/test>

It be closer to what you are trying to achieve. 

However, there is another issue. The config above is still a bit funny
because /var/www/test is not under the docroot. So if you do:

DocumentRoot "/var/www"

both directories will be below the docroot and therefore accessible from
the browser via:

http://server-name/users and http://server-name/test

Then you can check if your authentication scheme is working (looks OK).

Owen Boyle.

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message