httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Zembower, Kevin" <>
Subject [users@httpd] How to handle nested authorization requirements?
Date Thu, 08 Mar 2007 15:13:27 GMT
I'm having trouble with a 'nested' authorization requirement. Here's
part of my httpd.conf file:
cn2:/etc/apache# egrep -v '^[[:space:]]*#|^[[:space:]]*$' httpd.conf
NameVirtualHost *
<VirtualHost *>
     DocumentRoot /var/www/centernet/htdocs
     <Directory /var/www/centernet/htdocs>
         AuthType Basic
         AuthName "JHU/CCP"
         AuthUserFile /var/www/centernet/users
         require valid-user
         satisfy any
         order deny,allow
         allow from
         deny from all
     <Directory /var/www/centernet/htdocs/staffonly>
        AuthType Basic
        AuthName "CCP Staff Only"
        AuthUserFile /var/www/centernet/staffonlylist
        require valid-user

In the first part of the centernet VirtualHost section, I restrict users
to either be in specific IP address ranges, or enter the password in
/var/www/centernet/users. I want to put an additional restriction on
viewing the files in /var/www/centernet/htdocs/staffonly/. However, when
I test this from inside the specified IP address ranges, it never asks
me to authenticate to view the files in /staffonly/.

How should I change my config file to put additional authorization
requirements on the /staffonly/ directory?

Thanks in advance for all your help and suggestions.


Kevin Zembower
Internet Services Group manager
Center for Communication Programs
Bloomberg School of Public Health
Johns Hopkins University
111 Market Place, Suite 310
Baltimore, Maryland  21202

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message