httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject Re: denying access to a sub dir when parent dir has access
Date Fri, 16 Aug 2002 19:47:57 GMT
Chris Cheshire wrote:

> This is working exactly as I want it to. However, for security for 
> tomcat, I want to do the standard locking down of the WEB-INF & META-INF 
>  directories in the context. Because of the order of parsing the 
> Directory, Location & Files Directives either of the following are 
> ignored completely when the access is satisfied from above:

Actually, I suspect it is the "Satisfy Any" that is causing your problem 
since apache will not evaluate the host-based access controls if it can 
authenticate with basic auth.  Try adding "Satisfy all" to your 
restrictive sections.

Joshua.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message