httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matthijs van der Klip <matth...@spill.nl>
Subject RE: [users@httpd] nested htaccess files in conjuction with allow/deny
Date Tue, 22 Jun 2004 08:03:50 GMT
On Mon, 21 Jun 2004, Joshua Slive wrote:
> Other than the fact that you obscured the most important part (the IP 
> address), I don't see where the problem could be coming from.

Just assume that 1.2.3.4 is a valid internet IP-address, 127.0.0.1 was 
chosen because it is a valid address and definitely should not give access 
to any internet IP-addresses. It actually doesn't matter what i put after 
the 'Allow from' in the htaccess. As soon as I use an 'Allow from' 
directive in an htaccess the 'Order' directive seems to be reset to its 
default (Deny,Allow). Setting the 'Order' directive explicitely to 
'Allow,Deny' in the htaccess seems to reset the access list so any 'Allow' 
or 'Deny' directives from the virtualhost specifications are flushed.

It seems to me the mod_access logic is simply not additive. Any use of one
of it's directives on a higher level will override settings made on a
lower level. If this is how it's supposed to be, that's fine and it's
simply a limitation I have to live with, but I'm still not sure this is
the way it should behave. Can anyone confirm mod_access (Apache 1.3) not
being additive?


> What happens if you put the Allow directive in httpd.conf rather than
> the .htaccess?

<Directory /mnt/docs/PHP/test>
	# Deny access by default
	# Grant access to specific adresses thru a htaccess file
	Options FollowSymLinks
	AllowOverride Limit
	Order Allow,Deny
	Allow from 127.0.0.1
</Directory>

As expected access is denied:

test.mydomain 1.2.3.4 - - [22/Jun/2004:09:40:57 +0200] "GET / 
HTTP/1.1" 403 210 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; 
.NET CLR 1.1.4322)"

[Tue Jun 22 09:40:57 2004] [error] [client 1.2.3.4] client denied by 
server configuration: /mnt/docs/PHP/test


But when I place this htaccess:

Allow from 127.0.0.1


Access is granted again, being caused (I think) by an implicit flush of 
all mod_access parms.


Best regards,

-- 
Matthijs van der Klip
System Administrator
Spill E-Projects
The Netherlands




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message