httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matthijs van der Klip <matth...@spill.nl>
Subject RE: [users@httpd] nested htaccess files in conjuction with allow/deny
Date Mon, 21 Jun 2004 09:33:28 GMT
On Mon, 21 Jun 2004, Boyle Owen wrote:
> Just to be clear: You are controlling access *only* with mod_access
> (Allow,Deny) and not with Basic Authentication (password protection). I
> mention this because, as you probably know, you can't nest
> Authentication realms.

Only mod_access, no password protection indeed.


> 	This is a consequence of the "Order Deny,Allow" directive which
> allows by default and which is inherited by the subd-r but not overriden
> in the subdir .htaccess.
> 
> I think the root cause is your original "Order" directive is the wrong
> way round. Read the docs for this directive carefully then try:

Alas, this did not resolve my problem:

I changed my (paranoid) settings in the virtualhost to:

  Order Allow,Deny


I changed my settings in test/.htaccess to:

  Order Allow,Deny
  Allow from 1.2.3.4


Settings in test/test2/.htaccess were left unmodified:

  Allow from 4.3.2.1


Exact same result as before, access to anybody is granted in test/test2. 
When I remove the test/test2/.htaccess (or comment the Allow line), access 
is granted to everyone on the test/.htaccess list.

Additionaly I tried removing the 'Order Allow,Deny' line from 
test/.htaccess as it is already present in my virtualhost definition. I 
get similar results to the nesting of htaccess files: access is granted to 
anybody in test/ even though the virtual host definition says 'Order 
Allow,Deny'!

I seems to me like any new use of mod_access leads to a reset of the 
previous settings: test/.htaccess resetting virtualhost settings, 
test/test2/.htaccess resetting test/.htaccess settings...


Thanks in advance,

-- 
Matthijs van der Klip
System Administrator
Spill E-Projects
The Netherlands



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message