httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Voelkel <stefan.voel...@millenux.com>
Subject Re: [users@httpd] Different Auth's for /repos and /repos/foo.txt
Date Tue, 15 Mar 2005 13:51:50 GMT
> Need more details.  Give us your best guess at the correct
> configuration, and exactly what happens when you try to use this
> configuration (including relevant excerpts from the apache error log).

Will do, but there is no error, it just simply does not work as I want it
to :)

Abstract
========

  There are special files in my subversion repository i want to protect
(f.e. "prod.properties"). To be able to see these files you must be in a
special group called "admin". Access to all other files should be granted
if you do sent valid crendentials to the webserver.


Configuration
=============

<Location /repos>
        DAV svn
        SVNParentPath /home/svn/repositories

        AuthzSVNAccessFile ../users/access-file

        Satisfy All
        Require valid-user

        AuthType Basic
        AuthName "Subversion repository"
        AuthUserFile ../users/users.htpasswd

        AuthAuthoritative off
</Location>

<LocationMatch "prod.properties$">
        Require group admin
</LocationMatch>


Authentification
================

user.password:

  super:XXXXXXX
  fred:XXXXXX

acces-file:

  [groups]
  admin = super

  [test:/]
  fred = r


access_log
==========
127.0.0.1 - super[15/Mar/2005:14:40:12 +0100] "GET
/repos/dscneu/branches/prod/prod.properties HTTP/1.1" 200 182833
127.0.0.1 - fred [15/Mar/2005:14:40:33 +0100] "GET
/repos/test/branches/prod/prod.properties HTTP/1.1" 200 182833


Now the second get should fail. If I change the LocationMatch to this:

  <LocationMatch "prod.properties$">
        order deny,allow
        deny from all
  </LocationMatch>


This happens in the log:


127.0.0.1 - - [15/Mar/2005:14:41:54 +0100] "GET
/repos/dscneu/branches/prod/prod.properties HTTP/1.1" 403 487

thus the <LocationMatch> is evaluated, but I can not additionally require a
group for special files.

And in the error log:


[Tue Mar 15 14:50:27 2005] [error] an unknown filter was not added:
includes

I permuted pretty much everything, <Files>, <FilesMatch> instead of
<LocationMatch>, Auth* options in the <LocationMatch> section, etc. but
everytime either all users can access the file even fred, or nobody at all.

Thanks again,

regards
  Stefan
-- 
Stefan V├Âlkel                            stefan.voelkel@millenux.com
Millenux GmbH                              mobile: +49.170.79177.17
Lilienthalstra├če 2                          phone: +49.711.88770.300
70825 Stuttgart-Korntal                       fax: +49.711.88770.349
     -= linux without limits -=- http://linux.zSeries.org/ =-

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message