httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <>
Subject [users@httpd] RE: .htaccess 'allow from' and directories - not quite there yet
Date Wed, 21 Jul 2004 15:25:53 GMT
Do you know that you are posting directly to me and not via the lilst?

> -----Original Message-----
> From: Nigel Gilbert []
> Sent: Mittwoch, 21. Juli 2004 16:15
> To: Boyle Owen
> Subject: .htaccess 'allow from' and directories - not quite there yet
> I'm obviously stupid, but despite your very clear 
> explanations, I still 
> cannot get it working.
> I'll demonstrate with a cut down example, running on a test server.  
> The httpd.conf file includes the following directives:
> <IfModule mod_userdir.c>
>      UserDir Sites
> </IfModule>

You never mentioned userdir before... I never use the mechanism so I'm
not too familiar with it. I think it's basically just an internal
re-mapping so it probably doesn't make any difference. All the same, it
would've been nice to know...

> <Directory "/Users/scs1ng/Sites/">
>      Options Indexes MultiViews
>      AllowOverride  Limit FileInfo

You said the main config had "AllowOverride All" - it doesn't. However,
the "Limit" does permit the .htaccess file to control access via Allow,
Deny etc. But note that it does not allow other directives to work in
.htaccess which might be important (more later).

>      Order allow,deny
>      Allow from all
> </Directory>
> The .htaccess file in /Users/scs1ng/Sites/ consists of the following  
> (I've added the annotations):
> # deny access to files to all except subscribers (here represented by 
> the single partial IP 206.40; in reality, a long
> # list of 'Allow from' directives for all subscribers)
> <Files *>
>        Order Allow,Deny
>        Allow from 206.40
> </Files>
> # Allow everyone access to the 'front' page
> <Files index.html>
>        Allow from all
> </Files>
> # Allow everyone access to the front page through redirection from a 
> directory only URL
> Allow from all

This directive now lays the whole directory open to all users from
anywhere. This should work. 

The only thing I can think of is that you've overriden the default
DirectoryIndex somewhere so that it is no longer index.html. Then the
server will try for a directory listing but that might be disallowed too
- so you get a 403.

Unfortunately, you can't define DirectoryIndex in .htaccess since the
AllowOverride in the main config does not include "Indexes". If you can
read the main config, look for a DirectoryIndex and copy your index.html
to whatever is defined there (eg, welcome.html).

When you get the 403, have a look at the tail of the error_log - what
does it say?

Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> # Redirect users if they don't have access to an error page
> ErrorDocument 403 /~scs1ng/demo-pub/not_auth.html
> # Ensure that everyone has access to the error page
> <Files not_auth.html>
>        Allow from all
> </Files>
> With this set up:
> accessing http://localhost/~scs1ng/index.html  retrieves the expected 
> index page
> accessing http://localhost/~scs1ng/ results in the 'not authorised' 
> message from not_auth.html
> I have tried moving the position of the 'Allow from all' 
> directive, but 
> to no avail.  I must be misunderstanding your advice.

> I'd really appreciate your help here - I think I must be almost there!
> Nigel Gilbert

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message