httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Luis Moreira <luis.more...@esinnovation.pt>
Subject Re: [users@httpd] Access to directories
Date Mon, 16 Feb 2004 10:54:20 GMT
Hi

    There isn't much difference between the "real" URLs and what I wrote,
actually.
    I know that we are talking about Microsoft, but I was expecting a
behaviour like on UNIX, where you can be denied of "navegating upwards" on a
tree structure.
    Anyway, think of it this way :

    What you say is true, about the Basic Auth part.
    I have lots of  "directory" directives, to set up different users to
access different directories.
    That works.

    Examples :

    To give access to a software instalations database I have this (d:/myweb
is my root folder) :
        <Directory d:/myweb/rollout_besnet/instalador>
         Options Indexes
              Order allow,deny
              Allow from all
         AuthType Basic
         AuthName "Acesso restrito"
         AuthUserFile "d:/program files/Apache Group/Apache/bin/pwd"
         Require user nie com
        </Directory>
    Accessing http://moreiranet/ROLLOUT_BESNET/INSTALADOR/ I am asked for
username/password.
    However, if I go to http://moreiranet/ROLLOUT_BESNET I get the
corresponding index

    To access a public downloading area, I have simply this (downloads is a
DIR under the root folder)
        <Directory /downloads/publico>
         Options Indexes
        </Directory>
    However, if I access http://moreiranet/downloads I get its index too

    I don't have any  <Directory /downloads/cisco> directive.
    However, if I type http://moreiranet/cisco, bingo! There I get its index
also.

    And so on, and so on.

    Apparently, what happens is :

    IF directory-directive exists,
        Access works as intended with username/password
    ELSE
        Access is granted, no questions asked

    It looks like some sort of "default behaviour", where access is granted
to all directories if no name is found

Luis

----- Original Message -----
From: "Boyle Owen" <Owen.Boyle@swx.com>
To: <users@httpd.apache.org>
Sent: Monday, February 16, 2004 10:13 AM
Subject: RE: [users@httpd] Access to directories


Plain text please..

I assume by "Directory" directives you mean Basic Authentication
directives like AuthUserFile and Require valid-user etc.

These directives apply to the directory defined in the encompassing
<Directory> tag. I guess that this works... Obviously you can access the
parent directory because that is above the protected directory. You will
also be able to access any parallel directories if they use the same
AuthUserFile.

Reading your post, I am not really sure what you think the problem is -
can you try to be more specific? Give clear examples. Even better, give
the real URLs so we can see what you think is wrong.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.


-----Original Message-----
From: Luis Moreira [mailto:luis.moreira@esinnovation.pt]
Sent: Montag, 16. Februar 2004 11:00
To: users@httpd.apache.org
Subject: [users@httpd] Access to directories


I thought I had this properly done, but as it turns out, I don't...

Using Apache 1.3.23, I have a set of directories that people can access
to.
For that purpose, I have a set of "Directory" directives, to allow
different users to access different directories.

Noticing that, after accessing one of these directories with the
appropriate username/password, I was able to access its "parent
directory", and after that one a second directory at the same lever as
the first one, I tried to go to other directories, typing
http://myweb/dir1 and http://myweb/dir2 where DIR1 and DIR2 do not match
any "directory" directives, and I get and index view of all of them,
worst of all without being asked for username.

Since I did read the docs, but did a poor job of  it, is there a simple
explanation for this ?
What did I miss ?

Thanks
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat
keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This
e-mail is of a private and personal nature. It is not related to the
exchange or business activities of the SWX Group. Le présent e-mail est
un message privé et personnel, sans rapport avec l'activité boursière du
Groupe SWX.

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender’s company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender’s company.



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message