httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From suomi <>
Subject Re: [users@httpd] Realm Protection
Date Sat, 11 Oct 2003 06:42:56 GMT
If you use directory, files, and location directives on a web site, you 
must consider the following processing sequence:

the directives directory, directorymatch, files, filesmatch, location, 
locationmatch are processed in that order, which means that a files 
directive will overrun a directory directive (if that where possible), 
and a location directive will overrun both of them

be aware that the location, locationmatch directives are processed last, 
and they may invalidate any directory, directorymacht and files, 
filesmatch directives. If you have a location, locationmatch directive 
in the general setup in httpd.conf, it will overrun all 
directory,directorymatch and files,filesmatch directives you specify in 
partivular virtual-server directives.

the order of processing these directives is never mentionned in any book 
about apache. and there are cases, where it really gets important


Clint Davis wrote:

>I have the following in my Apache 1.3.27 httpd.conf file. But, I can still
>freely access documents in the "files" directory that are supposed to be
>protected. What's wrong here?
><Directory /Volumes/Data/WebSites/>
>Options None
>Order allow,deny
>Allow from all
>AuthType Basic
>AuthUserFile /Library/Tenon/System/Configuration/users.txt
>AuthGroupFile /Library/Tenon/System/Configuration/groups.txt
>require user chatfield croyer dhughes dverdeyen dwadsworth
>Clint Davis
>Webmaster / Interactive Media Specialist
>Gray Loon Marketing Group, Inc.
>204 Main Street | Evansville, IN 47708 | Phone:812-422-9999
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:> for more info.
>To unsubscribe, e-mail:
>   "   from the digest:
>For additional commands, e-mail:

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message