httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject Re: [users@httpd] Security & Case sensitivity in Windows
Date Wed, 19 Mar 2003 17:47:21 GMT

On Wed, 19 Mar 2003, Paul Smith wrote:
> Trying to limit access to certain URIs I have a configuration like this:
> <Location /admin/>
> 	order deny,allow
> 	deny from all
> 	allow from 192.168.1.1
> </Location>

> In fact, it DOES restrict access to that folder, BUT it does NOT restrict
> access to 'mysite.co.uk/Admin/...' This would be fine on Unix file systems,
> but not on Windows ones, where /admin/ and /Admin/ are the same.

This fact is well document at (for example):
http://httpd.apache.org/docs-2.0/sections.html#file-and-web

When protecting file-system locations, always use <Directory>, not
<Location>.  <Location> should only be used to protect resources that do
not exist in the filesystem.  This is true regardless of whether you use
unix or windows, since there are many ways that a single filesystem
location could map to several different URLs.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message