httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joshua Slive" <jos...@slive.ca>
Subject Re: [users@httpd] Protecting certain cgi-bin subdirectories
Date Sat, 05 Aug 2006 14:21:17 GMT
On 8/5/06, Steve Swift <steve.j.swift@gmail.com> wrote:

> I'm using Apache 2.0.46 and I want to password protect all of the
> subdirectories below cgi-bin.  This is easy, with:

Very old version.  You should upgrade.

>
> <DirectoryMatch /var/www/cgi-bin/.*/>
>
> Require valid-user
>
> </DirectoryMatch>
>
> This works fine, you need a userid, any userid, to get into the
> subdirectories.
>
>
>
> Now, I'd like to be more selective about who gets into the /admin
> subdirectory, so I add:
>
> <Directory /var/www/cgi-bin/admin>
>
> Require user Swifty
>
> </Directory>
>
>
>
> This second step had no effect.  I could still fetch pages from
> /var/www/cgi-bin/admin with any valid user.

You need to read:
http://httpd.apache.org/docs/2.2/sections.html

You'll find that <Directory> automatically protects subdirectories, so
you don't need that <DirectoryMatch> complication.  You'll also find
that the order of processing is important.  Replacing the
<DirectoryMatch> with <Directory> will probably fix your main problem
as well, since it will cause the second Require directive to be
processed last, overriding the first one, rather than vis-versa.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message