httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David H <godave...@yahoo.com>
Subject Re: [users@httpd] Dav security problem
Date Sun, 14 Mar 2004 05:42:17 GMT
Hi Saqib,

Thanks for the advise. Virtual Host may not solve my
problem, people still able to get in. My question is
why am I not being ask for login or deny access under
normal https and Dav did ask for login? 


Thanks,
Dave


--- Saqib Ali <saqib@seagate.com> wrote:
> ForceType text/plain
> 
> is your problem. You are forcing everything to text
> type. You should
> remove that.
> 
> If you want to access PHP files using DAV, you need
> to set a seperat
> VirtualHost See
> http://www.webdav.org/mod_dav/install.html for more
> info.
> 
> In Peace,
> Saqib Ali
> -------------
> http://validate.sf.net <---- (X)HTML / DocBook XML
> Validator and Transformer
> 
> 
> On Sat, 13 Mar 2004, David H wrote:
> 
> > Hi all,
> >
> > I have seted up apache 2.0.48 with mod_dav and
> > mod_php. Everything is working fine but I have
> this
> > security problem... here is my configuration under
> > ssl.conf:
> >
> >
> > Alias /demo /home/demo/docs
> > <Location /demo>
> >
> >         Dav On
> >
> >         ForceType text/plain
> >         AllowOverride None
> >        Options None
> >
> >         AuthType Basic
> >         AuthName Demo
> >         AuthUserFile /web/www/restriction/demo
> >
> >         <LimitExcept GET POST OPTIONS>
> >                 require user david
> >         </LimitExcept>
> > </Location>
> >
> > It did asked me for login name and password when I
> > connect with dav mapping in windows, but when I
> make
> > and directory under demo like example01 and have a
> > html file called test.php. Now on my browser I
> type
> > https://www.mysite.com/demo/example01/test.php I
> see
> > all the code. I am not being ask for password at
> all.
> > Do anyone know what is wrong?
> >
> > Thanks,
> > David
> >
> > __________________________________
> > Do you Yahoo!?
> > Yahoo! Mail - More reliable, more storage, less
> spam
> > http://mail.yahoo.com
> >
> >
>
---------------------------------------------------------------------
> > The official User-To-User support forum of the
> Apache HTTP Server Project.
> > See <URL:http://httpd.apache.org/userslist.html>
> for more info.
> > To unsubscribe, e-mail:
> users-unsubscribe@httpd.apache.org
> >    "   from the digest:
> users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail:
> users-help@httpd.apache.org
> >
> >
> 
>
---------------------------------------------------------------------
> The official User-To-User support forum of the
> Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for
> more info.
> To unsubscribe, e-mail:
> users-unsubscribe@httpd.apache.org
>    "   from the digest:
> users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail:
> users-help@httpd.apache.org
> 


__________________________________
Do you Yahoo!?
Yahoo! Mail - More reliable, more storage, less spam
http://mail.yahoo.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message