httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ben Stover" <bxsto...@yahoo.co.uk>
Subject [users@httpd] How to resolve this .htaccess conflict ?
Date Fri, 12 Jan 2007 19:33:23 GMT
Assume there is the .htaccess file show at the bottom of this posting.

At first every read and write access is denied and no permissions are given
because no "allow" statement is entered.

Fine. But now I want to allow some users to access these directories
but only with authentication (login+password).

For these users I setup the three lines AuthName, AuthUserFile and AuthGroupFile.
Notice that I mix a "deny" access instruction not with its counterpart "allow" but
with completely different "Auth..." statements plus OUTSIDE the "Limit" scope !

Are these Auth statements recognized at all or does the missing
"allow" statement above prevent any further permissions ?
In other words: Do the Auth statements have a higher priority
than the non-existence of an allow statement ?

If Auth statements are not considered: Does it change anything if I put these Auth statements
BEFORE the "deny" command (on top of the .htaccess file) ?

.htaccess file:
---
<Limit GET POST>
order deny,allow
deny from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName Authenticated users 
AuthUserFile /home/myhtaccess/service.pwd
AuthGroupFile /home/myhtaccess/service.grp
---



Send instant messages to your online friends http://uk.messenger.yahoo.com 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message