httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matthew Shannon <m...@paycom.net>
Subject RE: [users@httpd] allow override directive
Date Thu, 15 Jan 2004 19:54:22 GMT
Yes, the require user does still work, and it is 2.0.47 that I am
running this on. 

I thought that my Order directive was already correct for a default deny
policy. "Order deny,allow" - ( from docs; "implements a restrictive
access policy where most hosts are denied and then a smaller subset
given access" ). Wrong? I also tried putting in the netmask, and it
didn't help any. 

-matt

On Thu, 2004-01-15 at 11:40, Ben Yau wrote:
> >
> > Hi all,
> >    I have a directory with nearly 2000 user specific directories. Each
> > of these has it's own .htaccess file with a require user specification.
> > I am also restricting these logins by IP address. In the global conf, I
> > have the following;
> >
> > <Directory "/home/apache/www.mydomain.com/dirs/?*">
> >    Options +Indexes +MultiViews FollowSymLinks
> >    AllowOverride AuthConfig Limit
> >    Order deny,allow
> >    deny from all
> >    Satisfy all
> > </Directory>
> >
> > The "require user" in the .htaccess files works fine, however, when I
> > place an "allow from 10.10.10.1" in the .htaccess file, it opens the
> > directory up to all IPs instead of just the one. This is only countered
> > if another "deny from all" is placed in the .htaccess file. I was under
> > the impression that unless the deny configuration was overwritten, the
> > global "deny from all" would stick.
> >
> 
> Even though it opens it to all IP's, does the "require user" still working?
> It should since you have the Satisfy all.  If it doesn't, then yeah you
> definitely have some weird scoping thing going on.  That is a strange error
> you are getting.  I would think the Deny would stick but evidently it
> doesn't.  I went through the docs and didn't find much.
> 
> What version of Apache are you using by the way?  I was having some strange
> errors with 2.0.48 with .htaccess and "require" and went back down to 2.0.47
> and things were smooth after that.
> 
> Another suggestion: You may want to consider changing your Order to
> allow,Deny (is there a specific reason you chose deny,allow?).  That way at
> least the default behavior is to deny.
> 
> You might also for kicks try putting in the netmask after the IP in your
> allow and see if that helps.
> 
> Allow from 10.10.10.1/255.255.255.255
> 
> 
> Ben
> 
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message