httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steve Swift <steve.j.sw...@gmail.com>
Subject [users@httpd] Protecting certain cgi-bin subdirectories
Date Sat, 05 Aug 2006 09:25:43 GMT
I'm using Apache 2.0.46 and I want to password protect all of the
subdirectories below cgi-bin.  This is easy, with:

<DirectoryMatch /var/www/cgi-bin/.*/>

Require valid-user

</DirectoryMatch>

This works fine, you need a userid, any userid, to get into the
subdirectories.

 

Now, I'd like to be more selective about who gets into the /admin
subdirectory, so I add:

<Directory /var/www/cgi-bin/admin>

Require user Swifty

</Directory>

 

This second step had no effect.  I could still fetch pages from
/var/www/cgi-bin/admin with any valid user.

 

The only way that I found to get this working was to change the original
DirectoryMatch to somehow exclude the /admin directory:

<DirectoryMatch /var/www/cgi-bin/[^a].*/>

This works, and "Swifty" is the only user who can get into /cgi-bin/admin/
but now all of the other subdirectories starting with "a" are not protected
at all.

I can work around this by getting cleverer with the pattern in the
<DirectoryMatch> but I'd rather not.

 

Can someone explain to me why my original <Directory> statement had no
effect, please? 

Better still, can anyone propose an elegant solution to this?

 

I'm reasonably sure that I had this setup working at one point, with just
the first two statements above as they stand, but it may be that I never
verified the restriction on the /cgi-bin/admin directory.

 

Steve Swift

http://www.swiftys.org.uk

 


Mime
View raw message