httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jsl...@gmail.com>
Subject Re: [users@httpd] access from not restricted file to restricted file....
Date Sat, 10 Jul 2004 03:42:37 GMT
On Fri, 9 Jul 2004 18:18:01 -0300, personaje <personaje@gmail.com> wrote:
> Hello,
>     I'm using apache to serve a web page that has public and private
> content. I am using .htaccess to restric the access to some
> directories containing tar.gz's/images/ppts/pdfs, but the .php file
> that serves this links is not under the influence of the .htaccess.
> But when I have a link to one of the protected files from the
> unprotected .php I get on the apache log :
> 
> ==> /var/log/apache2/error_log <==
> [Fri Jul 09 16:14:56 2004] [error] [client 200.114.181.66] client
> denied by server configuration:
> /home/aplicaciones/public_html/fotos/Otros/vieja-oficina.jpg
> 
> ==> /var/log/apache2/access_log <==
> 200.114.181.66 - - [09/Jul/2004:16:14:56 -0300] "GET
> /fotos/Otros/vieja-oficina.jpg HTTP/1.1" 403 370 "-" "Mozilla/5.0
> (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040614
> Firefox/0.9"
> 
> under /home/aplicaciones/public_html/fotos/Otros I have this .htaccess :
> AuthType Basic
> AuthName "Aplicaciones Web Page"
> AuthUserFile /etc/htpasswd
> 
> <limit GET>
>         deny from all
>         Require valid-user
> </limit>
> 
> <files ".htaccess">
>         deny from all
> </files>
> 
> And on the browser I get the html I should, but I don't see any images...

What exactly do you expect to happen and why?

I see a couple problems:

1. Never use <Limit GET> (well... almost never, and certainly not in
this case).  See the docs for <Limit> for the explanation.

2. With that "deny from all", the "require valid-user" is kind of
irrelevant.  Why do you have those both there?

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message