httpd-users mailing list archives

From Peter Rabbitson <rabbit+mailli...@rabbit.us>
Subject [users@httpd] Is order of Location statements supposed to be significant?
Date Fri, 31 Aug 2007 13:45:07 GMT

Hello,

My goal is to allow any "Admin" user to access / of a virtual host, and 
any "Backup" user to access /backups of the same host. I have a user 
which is a member of the Admin group but not a member of the Backup 
group. If my configuration looks like this:

     <Location />
         AuthType Basic
         AuthName "Restricted Admin area"
         Require group Admin
         AuthUserFile /etc/apache2/config/Passwd
         AuthGroupFile /etc/apache2/config/Group
     </Location>

     <Location /backups>
         AuthType Basic
         AuthName "Restricted Backup area"
         Require group Backup
         AuthUserFile /etc/apache2/config/Passwd
         AuthGroupFile /etc/apache2/config/Group
     </Location>

everything works as expected. However, if the order of the Location 
statements is reversed (first /backups, then /) any member of Admin can 
access the entire site. I guess that the / is treated as a wildcard, and 
changes the previous Auth* settings of /backups.

My question is whether this is documented anywhere? I use a number of 
mod_macro statements all over my site and always believed that order of 
statements is not significant, only the nesting level. Now I am not sure 
how many more hidden problems I have in my configs.

Please point me to documentation in what circumstances the order of 
similar statements is significant, as my digging around the 2.2 manual 
proved fruitless.

Thank you

Peter
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
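
Added example, not part of the original message: httpd applies `<Location>` sections in the order they appear in the configuration file, so when a URL matches several sections, the directives of the last matching one win. The Python sketch below uses a simplified model of that merge (plain prefix paths only, each later directive replacing the earlier value) to show the effective `Require` for both orderings from the message and to flag a narrower section that a later, broader one overrides. The function names and the sample URL are assumptions made for illustration.

```python
import re

# Constructed samples reduced to the Require lines from the message above.
ROOT = "<Location />\n    Require group Admin\n</Location>\n"
BACKUPS = "<Location /backups>\n    Require group Backup\n</Location>\n"
WORKING = ROOT + BACKUPS    # order that behaves as intended
REVERSED = BACKUPS + ROOT   # order that lets Admin reach /backups

def parse_locations(conf):
    """Return [(path, {directive: value})] in file order."""
    sections, current = [], None
    for raw in conf.splitlines():
        line = raw.strip()
        opened = re.match(r"<Location\s+(\S+?)\s*>$", line, re.I)
        if opened:
            current = (opened.group(1), {})
        elif current and line.lower() == "</location>":
            sections.append(current)
            current = None
        elif current and line and not line.startswith("#"):
            parts = line.split(None, 1)
            current[1][parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return sections

def matches(loc, url):
    """Prefix match on path-segment boundaries, as for a non-regex <Location>."""
    if loc.endswith("/"):
        return url.startswith(loc)
    return url == loc or url.startswith(loc + "/")

def effective(sections, url):
    """Merge every matching section in file order; the later section wins."""
    merged = {}
    for loc, directives in sections:
        if matches(loc, url):
            merged.update(directives)
    return merged

def shadowed(sections):
    """Pairs (narrow, broad) where a later broader section resets a directive."""
    found = []
    for i, (early, d1) in enumerate(sections):
        for late, d2 in sections[i + 1:]:
            if early != late and matches(late, early) and set(d1) & set(d2):
                found.append((early, late))
    return found

if __name__ == "__main__":
    for name, conf in (("working", WORKING), ("reversed", REVERSED)):
        secs = parse_locations(conf)
        print(name, effective(secs, "/backups/db.tar"), shadowed(secs))
```

Running a check like `shadowed()` over the expanded configuration (after mod_macro substitution) is one way to find other places where a broad section placed late silently replaces the access rules of a narrower one.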

