httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From nick.minute...@uk.bnpparibas.com
Subject RE: [users@httpd] Options Indexes: how to force listing of directories with access control settings?
Date Thu, 21 Apr 2005 22:24:19 GMT


>> If not, then a really silly question: Are you really sure you're running
apache 1.3? (go to the bin dir and do ./httpd -v to check!)
I am a dumbass.
On my production server, I am indeed running apache 1.3.27-2 ...
However, the server I was testing on..... had 2.x....
Goes to show : There is never such a thing as a stupid question.

Thanks a lot for your help. Really.

-Nick









Extranet
Owen.Boyle@swx.com - 21/04/2005 08:03


Please respond to users@httpd.apache.org



To:    users

cc:


Subject:    RE: [users@httpd] Options Indexes: how to force listing of
       directories with access control settings?


> -----Original Message-----
> From: nick.minutello@uk.bnpparibas.com
>
> >> I guess you're using apache 2?
> Actually, its 1.3...

Eh?

I just went back to your original post and replicated your config. I cannot
reproduce your problem with apache 1.3.33.

If I password-protect a sub-directory using your exact .htaccess file
directives, the directory is listed but if I click on it, I am prompted for
a password.

If I put "Deny from all" in the <Directory> container, the directory is
listed but if I click on it, I get a "403 Forbidden".

In no case is the directory *not* listed. This is exactly the behaviour I
would expect in 1.3. Therefore your problem must have a different cause.

Looking back at your original post, I'd pose a few questions:

- the parent directory for the index is "/data/scm/buildarchive/archives".
This doesn't sound like it is directly under the doc-root. Is it? Or is it
accessed via an Alias or symlink or something?
- do you have any directory container for the sub-dirs (eg,
/data/scm/buildarchive/archives/ARCH1) that could conflict with the
.htaccess fie there?
- do you have a .htaccess file in the parent dir that could conflict with
the container in the config?
- are there any less-specific directory containers or .htaccess files (ie,
above the parent dir) which contain directives that the parent dir might
inherit?

Finally, try a simple experiment:

- Directly under the docroot, make a directory "banana". This is the parent
dir.
- in banana, make two sub-dirs: kiwi and mango. Create a couple of files in
each.
- in the config, do:

     <Directory /path/to/docroot/banana>
         Options Indexes
         AllowOverride AuthConfig
     </Directory>

Now if you go to http://server/banana/ you should see a listing of kiwi and
mango and clicking on them should list the contents.

- in kiwi, copy in your .htaccess from
/data/scm/buildarchive/archives/ARCH1
- now go back to http://server/banana/, do you see kiwi listed? (you
should)
- if you click on kiwi, are you prompted for a password? (you should be)

If not, then a really silly question: Are you really sure you're running
apache 1.3? (go to the bin dir and do ./httpd -v to check!)

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.






>
> >> This sounds a lot like what happens when you have files in
> the directory
> which are subject to a Deny directive
> I am using a Require rather than Deny... but its the same issue....
>
> >> - you can see them but can't access them in apache 1.3 but
> you can't see
> them at all in apache 2.
> Hmm, I am running 1.3...
>
> >> you can see them but can't access them
> You describe it well - thats exactly the behaviour I want.
> I want people to be able to see the protected files/dirs, but
> get prompted
> for a password in order access them... (subject to authorisation...)
>
> >> there is a discussion at:
> http://marc.theaimsgroup.com/?l=apache-httpd-users&m=107632025
> 906691&w=2
> If I understood that thread correctly, its more about the
> actual filesystem
> permissions (chmod), rather than Require/Deny directives in Apache....
>
> -Nick
>
> >> Nice try, but mod_autoindex works by try to access the
> file using the
> configured ruleset so it'll still hit the block...
> Yup...
>
>
>
>
>
>
> Extranet
> Owen.Boyle@swx.com - 20/04/2005 16:20
>
>
> Please respond to users@httpd.apache.org
>
>
>
> To:    users
>
> cc:
>
>
> Subject:    RE: [users@httpd] Options Indexes: how to force listing of
>        directories with access control settings?
>
>
> > -----Original Message-----
> > From: Craig Dunigan [mailto:cdunigan@doit.wisc.edu]
> > Sent: Mittwoch, 20. April 2005 16:31
> > To: users@httpd.apache.org
> > Subject: Re: [users@httpd] Options Indexes: how to force listing of
> > directories with access control settings?
> >
> >
> > On Tue, 19 Apr 2005 nick.minutello@uk.bnpparibas.com wrote:
> >
> > >
> > > I am using .htaccess to control access to a directory.
> > > However, this hides the directory from the index listing of
> > its parent dir
> > > (if the user isnt logged in).
> > >
> > > Is there a trick to Options, IndexOptions or AuthXXX to list all
> > > directories, regardless of their access control, when a
> > user isnt logged
> > > in?
>
> I guess you're using apache 2? This sounds a lot like what
> happens when you
> have files in the directory which are subject to a Deny
> directive - you can
> see them but can't access them in apache 1.3 but you can't
> see them at all
> in apache 2.
>
> You can have a big-end/little-end debate about which is
> better, but there
> is a discussion at:
> http://marc.theaimsgroup.com/?l=apache-httpd-users&m=107632025
> 906691&w=2
>
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message may be ignored.
>
> > >
> > >
> > Bit of a guess, here, but why not try putting all of the
> Auth stuff in
> > .htaccess inside a Files block, with a match of '*'?
>
> Nice try, but mod_autoindex works by try to access the file using the
> configured ruleset so it'll still hit the block...
>
>
> >
> >
> >
> ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP
> > Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
> Diese E-mail ist eine private und persönliche Kommunikation.
> Sie hat keinen
> Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe.
> This e-mail is of
> a private and personal nature. It is not related to the exchange or
> business activities of the SWX Group. Le présent e-mail est un message
> privé et personnel, sans rapport avec l'activité boursière du
> Groupe SWX.
>
>
> This message is for the named person's use only. It may contain
> confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any
> mistransmission. If
> you receive this message in error, please notify the sender
> urgently and
> then immediately delete the message and any copies of it from
> your system.
> Please also immediately destroy any hardcopies of the
> message. You must
> not, directly or indirectly, use, disclose, distribute,
> print, or copy any
> part of this message if you are not the intended recipient.
> The sender's
> company reserves the right to monitor all e-mail
> communications through
> their networks. Any views expressed in this message are those of the
> individual sender, except where the message states otherwise
> and the sender
> is authorised to state them to be the views of the sender's company.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>  For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
> This message and any attachments (the "message") is
> intended solely for the addressees and is confidential.
> If you receive this message in error, please delete it and
> immediately notify the sender. Any use not in accord with
> its purpose, any dissemination or disclosure, either whole
> or partial, is prohibited except formal approval. The internet
> can not guarantee the integrity of this message.
> BNP PARIBAS (and its subsidiaries) shall (will) not
> therefore be liable for the message if modified.
>
> **************************************************************
> ********************************
>
> BNP Paribas Private Bank London Branch is authorised
> by CECEI & AMF and is regulated by the Financial Services
> Authority for the conduct of its investment business in the
> United Kingdom.
>
> BNP Paribas Securities Services London Branch is authorised
> by CECEI & AMF and is regulated by the Financial Services
> Authority for the conduct of its investment business in the
> United Kingdom.
>
> BNP Paribas Fund Services UK Limited is authorised and
> regulated by the Financial Services Authority.
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>


This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission. If
you receive this message in error, please notify the sender urgently and
then immediately delete the message and any copies of it from your system.
Please also immediately destroy any hardcopies of the message. You must
not, directly or indirectly, use, disclose, distribute, print, or copy any
part of this message if you are not the intended recipient. The sender's
company reserves the right to monitor all e-mail communications through
their networks. Any views expressed in this message are those of the
individual sender, except where the message states otherwise and the sender
is authorised to state them to be the views of the sender's company.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
 For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message