httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r..@apache.org
Subject Re: [users@httpd] Limit,LimitExcept problems w/ mod_dav (httpd 2.0.42)
Date Thu, 03 Oct 2002 18:27:44 GMT
On Thu, 3 Oct 2002, Erich Oliphant wrote:

> Only an authorized user should have access to the resource. That user should
> only be allowed to send the requests specified in the Limit/LimitExcept.
> 
> Access is restricted to the login/passwd combo.  However, once the user is
> authorized I am able to isssue, for instance, PUT's or DELETE's, which I am
> trying to prevent.

The problem is that you have told Apache to Limit GET HEAD OPTIONS, and
PROPFIND.  Then, you used to exact same require statement to Limit
everything _EXCEPT_ GET HEAD OPTIONS, and PROPFIND.

If you want this to work, you will need to change your LimitExcept to
something like:


<LimitExcept GET HEAD OPTIONS PROPFIND>
    Deny from all
    Order allow,deny
</LimitExcept>

Ryan

>  
> 
> ----- Original Message -----
> From: "John K. Sterling" <john@sterls.com>
> To: <users@httpd.apache.org>
> Sent: Thursday, October 03, 2002 1:31 PM
> Subject: RE: [users@httpd] Limit,LimitExcept problems w/ mod_dav (httpd
> 2.0.42)
> 
> 
> >
> > >-- Original Message --
> > >Reply-To: users@httpd.apache.org
> > >From: "Erich Oliphant" <ericho@vantixweb.com>
> > >To: <users@httpd.apache.org>
> > >Date: Thu, 3 Oct 2002 13:16:09 -0400
> > >Subject: [users@httpd] Limit,LimitExcept problems w/ mod_dav (httpd
> 2.0.42)
> > >
> > >I've tried Limit, LimitExcept and both at the same time to no avail.
> > >Interestingly, the Require statement is honored.  I cannot access the
> > >resource without the proper login/password.  However, once authenticated,
> > >the server will accept any request type (PUT,DELETE, etc).
> >
> > not quite sure what you're problem is.... when you say the server will
> 'accept'
> > any request type - what do you mean?
> >
> > do you want to allow all users to HEAD or GET, and only want to allow a
> > single user to PUT DELETE?
> >
> > please elaborate -
> >
> > sterling
> >
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
> 
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 

-- 

_______________________________________________________________________________
Ryan Bloom                        	rbb@apache.org
550 Jean St
Oakland CA 94610
-------------------------------------------------------------------------------


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message