httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Cheshire <cchesh...@bigredwire.com>
Subject denying access to a sub dir when parent dir has access
Date Fri, 16 Aug 2002 18:45:05 GMT
Hi,

I have apache (1.3) and tomcat configured and running.
I want to set up access rules for a specific context for tomcat so that 
only certain IP addresses or passwords get access to that context.

I have the following
<Directory path_to_root_of_context>
   Order deny,allow
   Deny from all
   AllowOverride All
   Allow from .mydomain.com
   Options Indexes FollowSymLinks MultiViews Includes
   AuthType Basic
   AuthUserFile path_to_auth_file
   AuthName "Private"
   require valid-user
   satisfy any
</Directory>

This is working exactly as I want it to. However, for security for 
tomcat, I want to do the standard locking down of the WEB-INF & META-INF 
  directories in the context. Because of the order of parsing the 
Directory, Location & Files Directives either of the following are 
ignored completely when the access is satisfied from above:

<Location /contextname/WEB-INF/>
   Order deny,allow
   Deny from all
</Location>

<Directory path_to_root_of_context/WEB-INF>
   Order deny,allow
   Deny from all
</Directory>

How can I have the access rules for the context as I have set up above, 
but deny access to all files under the WEB-INF & META-INF 
sub-directories for everyone? I tried putting in a .htaccess file with

   Order deny,allow
   Deny from all

in these directories, but because the user was still allowed access to 
the sub directories.

If I don't have any access restriction on the parent directory, then 
these sub directories are denied access. But I need semi restrictive 
access on the parent, and none on the sub directory.

How do I go about this?

Thanks

-- 
Chris Cheshire
Manager of Software Development
bigredwire.com
Email : ccheshire@bigredwire.com

     "Ambition is just an excuse for those that
     don't have the guts to be lazy"


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message