Return-Path: 
 <users-return-14952-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 19943 invoked by uid 500); 3 Oct 2002 18:32:20 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
list-post: <mailto:users@httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 19931 invoked from network); 3 Oct 2002 18:32:20 -0000
Received: from mail.san.yahoo.com (209.132.1.30)
  by daedalus.apache.org with SMTP; 3 Oct 2002 18:32:20 -0000
Received: from [198.241.217.3] by mail.san.yahoo.com with HTTP;
 Thu, 3 Oct 2002 11:35:55 -0700
Date: Thu, 3 Oct 2002 14:35:55 -0400
Message-ID: <3D9BDC6600000A94@mta05.san.yahoo.com>
In-Reply-To: <Pine.LNX.4.21.0210031425360.16648-100000@shell.ntrnet.net>
From: "John K. Sterling" <john@sterls.com>
To: users@httpd.apache.org
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
Subject: Re: [users@httpd] Limit,LimitExcept problems w/ mod_dav (httpd
 2.0.42)

I thought he said he tried each individually first?  Erich?

sterling

>-- Original Message --
>Reply-To: users@httpd.apache.org
>Date: Thu, 3 Oct 2002 14:27:44 -0400 (EDT)
>From: rbb@apache.org
>To: users@httpd.apache.org
>Subject: Re: [users@httpd] Limit,LimitExcept problems w/ mod_dav (httpd
> 2.0.42)
>
>
>On Thu, 3 Oct 2002, Erich Oliphant wrote:
>
>> Only an authorized user should have access to the resource. That user
should
>> only be allowed to send the requests specified in the Limit/LimitExcep=
t.
>> 
>> Access is restricted to the login/passwd combo.  However, once the use=
r
>is
>> authorized I am able to isssue, for instance, PUT's or DELETE's, which=

>I am
>> trying to prevent.
>
>The problem is that you have told Apache to Limit GET HEAD OPTIONS, and
>PROPFIND.  Then, you used to exact same require statement to Limit
>everything _EXCEPT_ GET HEAD OPTIONS, and PROPFIND.
>
>If you want this to work, you will need to change your LimitExcept to
>something like:
>
>
><LimitExcept GET HEAD OPTIONS PROPFIND>
>    Deny from all
>    Order allow,deny
></LimitExcept>
>
>Ryan
>
>>  
>> 
>> ----- Original Message -----
>> From: "John K. Sterling" <john@sterls.com>
>> To: <users@httpd.apache.org>
>> Sent: Thursday, October 03, 2002 1:31 PM
>> Subject: RE: [users@httpd] Limit,LimitExcept problems w/ mod_dav (http=
d
>> 2.0.42)
>> 
>> 
>> >
>> > >-- Original Message --
>> > >Reply-To: users@httpd.apache.org
>> > >From: "Erich Oliphant" <ericho@vantixweb.com>
>> > >To: <users@httpd.apache.org>
>> > >Date: Thu, 3 Oct 2002 13:16:09 -0400
>> > >Subject: [users@httpd] Limit,LimitExcept problems w/ mod_dav (httpd=

>> 2.0.42)
>> > >
>> > >I've tried Limit, LimitExcept and both at the same time to no avail=
.
>> > >Interestingly, the Require statement is honored.  I cannot access
the
>> > >resource without the proper login/password.  However, once authenti=
cated,
>> > >the server will accept any request type (PUT,DELETE, etc).
>> >
>> > not quite sure what you're problem is.... when you say the server wi=
ll
>> 'accept'
>> > any request type - what do you mean?
>> >
>> > do you want to allow all users to HEAD or GET, and only want to allo=
w
>a
>> > single user to PUT DELETE?
>> >
>> > please elaborate -
>> >
>> > sterling
>> >
>> >
>> > --------------------------------------------------------------------=
-
>> > The official User-To-User support forum of the Apache HTTP Server Pr=
oject.
>> > See <URL:http://httpd.apache.org/userslist.html> for more info.
>> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> > For additional commands, e-mail: users-help@httpd.apache.org
>> >
>> >
>> 
>> 
>> 
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Proj=
ect.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>> 
>
>-- 
>
>________________________________________________________________________=
_______
>Ryan Bloom                        	rbb@apache.org
>550 Jean St
>Oakland CA 94610
>------------------------------------------------------------------------=
-------
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Projec=
t.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org