httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject Re: [users@httpd] restrict access to apache group
Date Fri, 04 Jun 2004 19:37:35 GMT

On Fri, 4 Jun 2004, p chidamb wrote:
> Typically, virtual directories and files are secured
> by allowing specific apache users or apache groups to
> access them.
>
> I need to do the opposite... I need to deny access to
> specific files based on an apache group.

This can't be done easily, since apache doesn't even record the group 
membership anywhere.

One way to handle this would be

RewriteEngine On
RewriteMap not-allowed txt:/path/to/not-allowed.txt
RewriteCond ${not-allowed:%{LA-U:REMOTE_USER}|NOT_FOUND} !=NOT_FOUND
RewriteRule .* - [F]

Where /path/to/not-allowed.txt would look something like
baduser1 -
baduser2 -
baduser3 -
(The dash is necessary because RewriteMaps are key-value pairs, even 
though you don't really care about the value.)

If you have lots of "badusers", then you should use a dbm RewriteMap 
instead of a text one.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message