httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Cheshire <>
Subject denying access to a sub dir when parent dir has access
Date Fri, 16 Aug 2002 18:45:05 GMT

I have apache (1.3) and tomcat configured and running.
I want to set up access rules for a specific context for tomcat so that 
only certain IP addresses or passwords get access to that context.

I have the following
<Directory path_to_root_of_context>
   Order deny,allow
   Deny from all
   AllowOverride All
   Allow from
   Options Indexes FollowSymLinks MultiViews Includes
   AuthType Basic
   AuthUserFile path_to_auth_file
   AuthName "Private"
   require valid-user
   satisfy any

This is working exactly as I want it to. However, for security for 
tomcat, I want to do the standard locking down of the WEB-INF & META-INF 
  directories in the context. Because of the order of parsing the 
Directory, Location & Files Directives either of the following are 
ignored completely when the access is satisfied from above:

<Location /contextname/WEB-INF/>
   Order deny,allow
   Deny from all

<Directory path_to_root_of_context/WEB-INF>
   Order deny,allow
   Deny from all

How can I have the access rules for the context as I have set up above, 
but deny access to all files under the WEB-INF & META-INF 
sub-directories for everyone? I tried putting in a .htaccess file with

   Order deny,allow
   Deny from all

in these directories, but because the user was still allowed access to 
the sub directories.

If I don't have any access restriction on the parent directory, then 
these sub directories are denied access. But I need semi restrictive 
access on the parent, and none on the sub directory.

How do I go about this?


Chris Cheshire
Manager of Software Development
Email :

     "Ambition is just an excuse for those that
     don't have the guts to be lazy"

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message