httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From personaje <person...@gmail.com>
Subject Re: [users@httpd] access from not restricted file to restricted file....
Date Sat, 10 Jul 2004 04:05:30 GMT
Ok, that's what I get for copy/paste instead of reading...

I wanted to be prompted for user/password because, to load the file
there has to be a GET file... but it didn't worked as when I used the
same .htaccess to protect the whole site....

Now I read, and follow your recomendation and dumped the deny from all
and the limit and got to work.

Thanks.

On Fri, 9 Jul 2004 23:42:37 -0400, Joshua Slive <jslive@gmail.com> wrote:
> 
> 
> On Fri, 9 Jul 2004 18:18:01 -0300, personaje <personaje@gmail.com> wrote:
> > Hello,
> >     I'm using apache to serve a web page that has public and private
> > content. I am using .htaccess to restric the access to some
> > directories containing tar.gz's/images/ppts/pdfs, but the .php file
> > that serves this links is not under the influence of the .htaccess.
> > But when I have a link to one of the protected files from the
> > unprotected .php I get on the apache log :
> >
> > ==> /var/log/apache2/error_log <==
> > [Fri Jul 09 16:14:56 2004] [error] [client 200.114.181.66] client
> > denied by server configuration:
> > /home/aplicaciones/public_html/fotos/Otros/vieja-oficina.jpg
> >
> > ==> /var/log/apache2/access_log <==
> > 200.114.181.66 - - [09/Jul/2004:16:14:56 -0300] "GET
> > /fotos/Otros/vieja-oficina.jpg HTTP/1.1" 403 370 "-" "Mozilla/5.0
> > (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040614
> > Firefox/0.9"
> >
> > under /home/aplicaciones/public_html/fotos/Otros I have this .htaccess :
> > AuthType Basic
> > AuthName "Aplicaciones Web Page"
> > AuthUserFile /etc/htpasswd
> >
> > <limit GET>
> >         deny from all
> >         Require valid-user
> > </limit>
> >
> > <files ".htaccess">
> >         deny from all
> > </files>
> >
> > And on the browser I get the html I should, but I don't see any images...
> 
> What exactly do you expect to happen and why?
> 
> I see a couple problems:
> 
> 1. Never use <Limit GET> (well... almost never, and certainly not in
> this case).  See the docs for <Limit> for the explanation.
> 
> 2. With that "deny from all", the "require valid-user" is kind of
> irrelevant.  Why do you have those both there?
> 
> Joshua.
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message