httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John K. Sterling" <j...@sterls.com>
Subject Re: [users@httpd] Limit,LimitExcept problems w/ mod_dav (httpd 2.0.42)
Date Thu, 03 Oct 2002 18:35:55 GMT
I thought he said he tried each individually first?  Erich?

sterling

>-- Original Message --
>Reply-To: users@httpd.apache.org
>Date: Thu, 3 Oct 2002 14:27:44 -0400 (EDT)
>From: rbb@apache.org
>To: users@httpd.apache.org
>Subject: Re: [users@httpd] Limit,LimitExcept problems w/ mod_dav (httpd
> 2.0.42)
>
>
>On Thu, 3 Oct 2002, Erich Oliphant wrote:
>
>> Only an authorized user should have access to the resource. That user
should
>> only be allowed to send the requests specified in the Limit/LimitExcept.
>> 
>> Access is restricted to the login/passwd combo.  However, once the user
>is
>> authorized I am able to isssue, for instance, PUT's or DELETE's, which
>I am
>> trying to prevent.
>
>The problem is that you have told Apache to Limit GET HEAD OPTIONS, and
>PROPFIND.  Then, you used to exact same require statement to Limit
>everything _EXCEPT_ GET HEAD OPTIONS, and PROPFIND.
>
>If you want this to work, you will need to change your LimitExcept to
>something like:
>
>
><LimitExcept GET HEAD OPTIONS PROPFIND>
>    Deny from all
>    Order allow,deny
></LimitExcept>
>
>Ryan
>
>>  
>> 
>> ----- Original Message -----
>> From: "John K. Sterling" <john@sterls.com>
>> To: <users@httpd.apache.org>
>> Sent: Thursday, October 03, 2002 1:31 PM
>> Subject: RE: [users@httpd] Limit,LimitExcept problems w/ mod_dav (httpd
>> 2.0.42)
>> 
>> 
>> >
>> > >-- Original Message --
>> > >Reply-To: users@httpd.apache.org
>> > >From: "Erich Oliphant" <ericho@vantixweb.com>
>> > >To: <users@httpd.apache.org>
>> > >Date: Thu, 3 Oct 2002 13:16:09 -0400
>> > >Subject: [users@httpd] Limit,LimitExcept problems w/ mod_dav (httpd
>> 2.0.42)
>> > >
>> > >I've tried Limit, LimitExcept and both at the same time to no avail.
>> > >Interestingly, the Require statement is honored.  I cannot access
the
>> > >resource without the proper login/password.  However, once authenticated,
>> > >the server will accept any request type (PUT,DELETE, etc).
>> >
>> > not quite sure what you're problem is.... when you say the server will
>> 'accept'
>> > any request type - what do you mean?
>> >
>> > do you want to allow all users to HEAD or GET, and only want to allow
>a
>> > single user to PUT DELETE?
>> >
>> > please elaborate -
>> >
>> > sterling
>> >
>> >
>> > ---------------------------------------------------------------------
>> > The official User-To-User support forum of the Apache HTTP Server Project.
>> > See <URL:http://httpd.apache.org/userslist.html> for more info.
>> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> > For additional commands, e-mail: users-help@httpd.apache.org
>> >
>> >
>> 
>> 
>> 
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>> 
>
>-- 
>
>_______________________________________________________________________________
>Ryan Bloom                        	rbb@apache.org
>550 Jean St
>Oakland CA 94610
>-------------------------------------------------------------------------------
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message