httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "George Georgalis" <geo...@galis.org>
Subject [users@httpd] auth allow,deny with condition...
Date Fri, 07 Jul 2006 20:02:36 GMT
I'm trying to setup a domain that uses Basic Auth for everything
but a few items, and no auth for them.  I'd like the mod_dir
DirectoryIndex to work for DocumentRoot, but any other page to
require a valid-user.

The goal is to return instructions at the DocumentRoot, but
require auth for any guessed url, existing or not.  So people
cannot determine if a url exists by checking for 401 vs 404
errors, even if they cannot access the content. In addition to the
index.html (not auto indexing of course), there are a few other
directories that I need unprotected.

My most recent attempt to config...

<Directory />
	Options -Indexes
	Order allow,deny
	Allow from all
	  AuthType Basic
	  AuthName "files"
	  Require valid-user
</Directory>
<Location /account1>
	AuthUserFile /usr/local/etc/apache2/ht/account1
<Location>

But that has problems; AuthUserFile does not exists for
DocumentRoot and I cannot figure out how to selectively add back
Allow to a component, DocumentRoot or a location container (there
are many).

I need something that will error 401 for anything (existing or
not), with a few exceptions like /template/, /errordoc/ and /,
which should all serve without auth, or error. And, of course,
allow for location containers with unique AuthUserFiles. Is that
possible?

// George


-- 
George Georgalis, systems architect, administrator <IXOYE><

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message