httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject Re: [users@httpd] Dav security problem
Date Sun, 14 Mar 2004 19:15:30 GMT

On Sat, 13 Mar 2004, David H wrote:

> Hi Saqib,
>
> Thanks for the advise. Virtual Host may not solve my
> problem, people still able to get in. My question is
> why am I not being ask for login or deny access under
> normal https and Dav did ask for login?

> > >         <LimitExcept GET POST OPTIONS>
> > >                 require user david
> > >         </LimitExcept>

Because you have explicitly excluded "GET" from requiring authentication.
Since GET is the method used for ordinary web browsers, they don't need to
authenticate.

Remove the <LimitExcept ...> and </LimitExcept> lines if you want to
restrict all access.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message