httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nigel Gilbert <n.gilb...@soc.surrey.ac.uk>
Subject [users@httpd] .htaccess 'allow from' and directories
Date Mon, 19 Jul 2004 12:57:49 GMT
>

I sorry that I didn't make my question clearer.  In reply to your  
answer, the httpd.conf file already includes
AllowOverride All

The problem I have is that while it is possible using the <Files>  
directive to allow access to named files, it seems that it is not  
possible to specify that I wish to grant access to the index page which  
is implicitly referenced when the user accesses the top level  
directory.  Is that correct?

For example,
>> <Files index.html>
>> Allow from all
>> </Files>

will give access to http://my.domain.com/index.html

but if the user enters the URL http://my.domain.com/
I would expect the user to get access to index.html, but actually  
access is denied.

I hope this is clearer - if not my original question is appended.

thanks

Nigel




> Date: Mon, 19 Jul 2004 10:00:24 +0200
> To: <users@httpd.apache.org>
> From: "Boyle Owen" <Owen.Boyle@swx.com>
> Subject: RE: [users@httpd] .htaccess 'allow from' and directories
> Message-ID:  
> <FAB6A3A2CC5BDB448DADFA1C8C0752965F7534@SOMEXEVS001.ex.ordersx.org>
>
>
> .htaccess files can only be used to override main config directives if
> the config allows it (via the AllowOverride directive). Apache is
> "friendly" so the default for this directive is "AllowOverride All". So
> if the apache-admin doesn't care, you can simply override the access
> directives by putting:
>
> <Files *>
>   Allow from all
> </Files>
>
> in .htaccess.
>
> However, if the apache admin doesn't want you to do this, he will have
> disabled overrridng in the config (eg, AllowOverride None). Then you
> can't do it all - neither should you be able to - it's a security
> feature and if you don't have the right to edit the config, you don't
> have control of the server.
>
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message may be ignored.=20
>
> Diese E-mail ist eine private und pers=F6nliche Kommunikation. Sie hat
> keinen Bezug zur B=F6rsen- bzw. Gesch=E4ftst=E4tigkeit der SWX Gruppe.  
> =
> This
> e-mail is of a private and personal nature. It is not related to the
> exchange or business activities of the SWX Group. Le pr=E9sent e-mail =
> est
> un message priv=E9 et personnel, sans rapport avec l'activit=E9 =
> boursi=E8re du
> Groupe SWX.
>
>> -----Original Message-----
>> From: Nigel Gilbert [mailto:n.gilbert@soc.surrey.ac.uk]
>> Sent: Sonntag, 18. Juli 2004 13:01
>> To: users@httpd.apache.org
>> Subject: [users@httpd] .htaccess 'allow from' and directories
>> =20
>> =20
>> I have an .htaccess file at the top level which allows users in  
>> from=20
>> specified IP addresses.  The allow commands are within a <Files>=20
>> directive in the .htaccess file.  There is also a <Files> directive=20
>> which allows all users access to index.html.   e.g.:
>> =20
>> <Files *>
>> Order Allow,Deny
>> Allow from 206.40
>> ....
>> </Files>
>> <Files index.html>
>> Allow from all
>> </Files>
>> =20
>> The result is that, as expected, all users are allowed to access  
>> the=20
>> location http://my.domain.com/index.html if they specify this  
>> address=20
>> explicitly.  However, if they try to access the location=20
>> http://my.domain.com/  (no explicit index.html) and are not on the=20
>> allowed IP list, their access is denied.  I would like the=20
>> behaviour to=20
>> be exactly the same as if they had specified index.html in their URL.
>> =20
>> How can I achieve this?  I do not have permissions to change the=20
>> httpd.conf file, so any solution needs to be workable using only  
>> the=20
>> .htaccess context (this excludes using <Directory > directive, as  
>> far=20
>> as I can see from the documentation).
________________________________________________________________________ 
__
Professor Nigel Gilbert, FREng, AcSS, Pro Vice-Chancellor and Professor  
of
Sociology, University of Surrey, Guildford GU2 7XH, UK. +44 (0)1483  
689173


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message