httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Seth Chaiklin <s...@dpu.dk>
Subject [users@httpd] Is it possible to use SSLRequire to give differentially access to a directory and asubdirectory?
Date Wed, 21 Mar 2007 02:47:33 GMT
Apache 2.2.4 with mod_ssl

Can someone please confirm that the following is impossible
using only certificates and SSLRequire.

/Directory:                      only user 1 has access
/Subdirectory to Directory:      only user 2 has access

The problem is that, one can either:

b. give access to /Directory to user 1 with a SSLRequire 
expression that only user 1 can satisfy, but then user 2 cannot 
get access to /subdirectory, because the SSLRequire expression 
for /Directory gets passed down.

or

b. give access to /Directory for both users 1 and 2 with a 
SSLRequire expression, while a more restrictive expression can 
prevents access to /subdirectory for user 1.

Neither of these alternatives is desirable. The idea is for each 
user to have access to only the directory or the subdirectory, 
but not both.

The manual mentions that SSLRequire "is a very powerful directive 
because the requirement specification is an arbitrarily complex 
boolean expression containing any number of access checks," but I 
don't think it can handle this kind of differential, individual 
per-directory access -- but maybe my understanding of boolean 
logic is too limited.

Thanks for any insight.

Sincerely,
  Seth Chaiklin




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message