Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 31366 invoked from network); 15 Jan 2004 19:54:58 -0000 Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12) by minotaur-2.apache.org with SMTP; 15 Jan 2004 19:54:58 -0000 Received: (qmail 89869 invoked by uid 500); 15 Jan 2004 19:54:36 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 89775 invoked by uid 500); 15 Jan 2004 19:54:36 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 89758 invoked from network); 15 Jan 2004 19:54:36 -0000 Received: from unknown (HELO natty.paycom.net) (208.236.105.27) by daedalus.apache.org with SMTP; 15 Jan 2004 19:54:36 -0000 From: Matthew Shannon Reply-To: matt@paycom.net To: Ben Yau Cc: users@httpd.apache.org In-Reply-To: References: Content-Type: text/plain Organization: Paycom Transaction Services Message-Id: <1074196462.2705.33.camel@wily> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.2.2 (1.2.2-4) Date: 15 Jan 2004 11:54:22 -0800 Content-Transfer-Encoding: 7bit X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Subject: RE: [users@httpd] allow override directive X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N Yes, the require user does still work, and it is 2.0.47 that I am running this on. I thought that my Order directive was already correct for a default deny policy. "Order deny,allow" - ( from docs; "implements a restrictive access policy where most hosts are denied and then a smaller subset given access" ). Wrong? I also tried putting in the netmask, and it didn't help any. -matt On Thu, 2004-01-15 at 11:40, Ben Yau wrote: > > > > Hi all, > > I have a directory with nearly 2000 user specific directories. Each > > of these has it's own .htaccess file with a require user specification. > > I am also restricting these logins by IP address. In the global conf, I > > have the following; > > > > > > Options +Indexes +MultiViews FollowSymLinks > > AllowOverride AuthConfig Limit > > Order deny,allow > > deny from all > > Satisfy all > > > > > > The "require user" in the .htaccess files works fine, however, when I > > place an "allow from 10.10.10.1" in the .htaccess file, it opens the > > directory up to all IPs instead of just the one. This is only countered > > if another "deny from all" is placed in the .htaccess file. I was under > > the impression that unless the deny configuration was overwritten, the > > global "deny from all" would stick. > > > > Even though it opens it to all IP's, does the "require user" still working? > It should since you have the Satisfy all. If it doesn't, then yeah you > definitely have some weird scoping thing going on. That is a strange error > you are getting. I would think the Deny would stick but evidently it > doesn't. I went through the docs and didn't find much. > > What version of Apache are you using by the way? I was having some strange > errors with 2.0.48 with .htaccess and "require" and went back down to 2.0.47 > and things were smooth after that. > > Another suggestion: You may want to consider changing your Order to > allow,Deny (is there a specific reason you chose deny,allow?). That way at > least the default behavior is to deny. > > You might also for kicks try putting in the netmask after the IP in your > allow and see if that helps. > > Allow from 10.10.10.1/255.255.255.255 > > > Ben > > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org