httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Erich Oliphant" <eri...@vantixweb.com>
Subject Re: [users@httpd] Limit,LimitExcept problems w/ mod_dav (httpd 2.0.42)
Date Thu, 03 Oct 2002 19:09:11 GMT
Yes I did, I did not have the 'Order' option set as I did not think it was
necessary. Is it?  I've gone back to <LimitExcept> only, to no avail.  I
have <LimitExcept OPTIONS GET HEAD>, but I can still sucessfully send a
DELETE.


----- Original Message -----
From: "John K. Sterling" <john@sterls.com>
To: <users@httpd.apache.org>
Sent: Thursday, October 03, 2002 2:35 PM
Subject: Re: [users@httpd] Limit,LimitExcept problems w/ mod_dav (httpd
2.0.42)


> I thought he said he tried each individually first?  Erich?
>
> sterling
>
> >-- Original Message --
> >Reply-To: users@httpd.apache.org
> >Date: Thu, 3 Oct 2002 14:27:44 -0400 (EDT)
> >From: rbb@apache.org
> >To: users@httpd.apache.org
> >Subject: Re: [users@httpd] Limit,LimitExcept problems w/ mod_dav (httpd
> > 2.0.42)
> >
> >
> >On Thu, 3 Oct 2002, Erich Oliphant wrote:
> >
> >> Only an authorized user should have access to the resource. That user
> should
> >> only be allowed to send the requests specified in the
Limit/LimitExcept.
> >>
> >> Access is restricted to the login/passwd combo.  However, once the user
> >is
> >> authorized I am able to isssue, for instance, PUT's or DELETE's, which
> >I am
> >> trying to prevent.
> >
> >The problem is that you have told Apache to Limit GET HEAD OPTIONS, and
> >PROPFIND.  Then, you used to exact same require statement to Limit
> >everything _EXCEPT_ GET HEAD OPTIONS, and PROPFIND.
> >
> >If you want this to work, you will need to change your LimitExcept to
> >something like:
> >
> >
> ><LimitExcept GET HEAD OPTIONS PROPFIND>
> >    Deny from all
> >    Order allow,deny
> ></LimitExcept>
> >
> >Ryan
> >
> >>
> >>
> >> ----- Original Message -----
> >> From: "John K. Sterling" <john@sterls.com>
> >> To: <users@httpd.apache.org>
> >> Sent: Thursday, October 03, 2002 1:31 PM
> >> Subject: RE: [users@httpd] Limit,LimitExcept problems w/ mod_dav (httpd
> >> 2.0.42)
> >>
> >>
> >> >
> >> > >-- Original Message --
> >> > >Reply-To: users@httpd.apache.org
> >> > >From: "Erich Oliphant" <ericho@vantixweb.com>
> >> > >To: <users@httpd.apache.org>
> >> > >Date: Thu, 3 Oct 2002 13:16:09 -0400
> >> > >Subject: [users@httpd] Limit,LimitExcept problems w/ mod_dav (httpd
> >> 2.0.42)
> >> > >
> >> > >I've tried Limit, LimitExcept and both at the same time to no avail.
> >> > >Interestingly, the Require statement is honored.  I cannot access
> the
> >> > >resource without the proper login/password.  However, once
authenticated,
> >> > >the server will accept any request type (PUT,DELETE, etc).
> >> >
> >> > not quite sure what you're problem is.... when you say the server
will
> >> 'accept'
> >> > any request type - what do you mean?
> >> >
> >> > do you want to allow all users to HEAD or GET, and only want to allow
> >a
> >> > single user to PUT DELETE?
> >> >
> >> > please elaborate -
> >> >
> >> > sterling
> >> >
> >> >
> >> > ---------------------------------------------------------------------
> >> > The official User-To-User support forum of the Apache HTTP Server
Project.
> >> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> >> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >> > For additional commands, e-mail: users-help@httpd.apache.org
> >> >
> >> >
> >>
> >>
> >>
> >> ---------------------------------------------------------------------
> >> The official User-To-User support forum of the Apache HTTP Server
Project.
> >> See <URL:http://httpd.apache.org/userslist.html> for more info.
> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >> For additional commands, e-mail: users-help@httpd.apache.org
> >>
> >
> >--
> >
>
>___________________________________________________________________________
____
> >Ryan Bloom                        rbb@apache.org
> >550 Jean St
> >Oakland CA 94610
>
>---------------------------------------------------------------------------
----
> >
> >
> >---------------------------------------------------------------------
> >The official User-To-User support forum of the Apache HTTP Server
Project.
> >See <URL:http://httpd.apache.org/userslist.html> for more info.
> >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >For additional commands, e-mail: users-help@httpd.apache.org
> >
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message