httpd-users mailing list archives

From "Joshua Slive" <jos...@slive.ca>
Subject Re: [users@httpd] Several .htaccess
Date Mon, 07 Aug 2006 15:42:41 GMT

On 8/7/06, Marc MENDEZ <cnmm600@yahoo.fr> wrote:
> Hi,
>
> The root of our extranet site is protected by a .htaccess file. If the user
> is inside our network, no identification is required. Otherwise, he must
> be identified.
> Here is the file:
>
> AuthUserFile path_to_password_file
> AuthGroupFile /dev/null
> AuthName ":: INFORMATIONS CONFIDENTIELLES ::"
> AuthType Basic
>
> <limit GET POST>
> order deny,allow
> deny from all
> allow from our_network
> require valid-user
> satisfy any
> </Limit>
>
> It works
>
> However, a subdirectory must be restricted differently: if the user is
> outside our network, no access!
> Here is the second .htaccess:
> Allow from our_network
> Deny from all
>
> This second .htaccess worked until I modified the first one to prevent users
> from identifying if they are in our network.
>
> I suppose that as the first .htaccess grants access to the whole website,
> the second one is not used...
> How can I urge Apache to use the second one?

1. Remove the lines <Limit GET POST> and </Limit>, which are not needed
and are a possible security risk. (Read the docs on <Limit> for more
info.)

2. Put "Satisfy all" in the .htaccess in the subdirectory.

Joshua.
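
A simplified model of the behaviour discussed in this thread, added here as an illustration (it is not Apache code and not from either poster): it shows how directives scoped by `<Limit GET POST>` leave other methods unchecked, and how an inherited `Satisfy any` lets an authenticated outside client into the subdirectory until `Satisfy all` is set there. The dict-based config representation, the function names, the network range standing in for `our_network` and the client addresses are all assumptions of this example.

```python
"""Toy model (added example, not Apache code) of Allow/Deny + Require + Satisfy."""
import ipaddress

OUR_NETWORK = ipaddress.ip_network("192.0.2.0/24")  # constructed stand-in for "our_network"
ALL = None  # directive written outside <Limit>: applies to every HTTP method

def merge(parent, child):
    """A directive set in the subdirectory replaces the parent's; others are inherited."""
    return {**parent, **child}

def _active(cfg, name, method):
    """Value of directive `name` for this method, or None if unset or not in scope."""
    value, methods = cfg.get(name, (None, ALL))
    return value if methods is ALL or method in methods else None

def is_allowed(cfg, method, client_ip, authenticated):
    """Access decision for one request under the merged configuration `cfg`."""
    host_ok = True
    if _active(cfg, "host", method):  # "deny from all / allow from our_network"
        host_ok = ipaddress.ip_address(client_ip) in OUR_NETWORK
    if not _active(cfg, "require", method):  # no Require in scope: host check only
        return host_ok
    if _active(cfg, "satisfy", method) == "any":
        return host_ok or authenticated
    return host_ok and authenticated  # Satisfy all is the default

GET_POST = {"GET", "POST"}
# Root .htaccess as posted: every directive sits inside <Limit GET POST>.
ROOT_POSTED = {"host": (True, GET_POST), "require": (True, GET_POST),
               "satisfy": ("any", GET_POST)}
# Root .htaccess after step 1: same directives, <Limit> wrapper removed.
ROOT_FIXED = {"host": (True, ALL), "require": (True, ALL), "satisfy": ("any", ALL)}
# Subdirectory .htaccess as posted, and after step 2 ("Satisfy all" added).
SUB_POSTED = {"host": (True, ALL)}
SUB_FIXED = {"host": (True, ALL), "satisfy": ("all", ALL)}

INSIDE, OUTSIDE = "192.0.2.10", "203.0.113.5"  # constructed addresses

if __name__ == "__main__":
    cases = [("root posted", ROOT_POSTED), ("root fixed", ROOT_FIXED),
             ("subdir posted", merge(ROOT_POSTED, SUB_POSTED)),
             ("subdir fixed", merge(ROOT_FIXED, SUB_FIXED))]
    for label, cfg in cases:
        for method in ("GET", "OPTIONS"):
            for ip in (INSIDE, OUTSIDE):
                for auth in (False, True):
                    print(label, method, ip, "auth" if auth else "anon",
                          "ALLOW" if is_allowed(cfg, method, ip, auth) else "DENY")
```

In this model the fixed subdirectory also asks inside clients for credentials, because `Require valid-user` is inherited from the root and `Satisfy all` demands both checks.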
