httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "J.M. Castroagudin" <jose.castroagu...@webfg.com>
Subject Re: [users@httpd] Allow/Deny directive and https
Date Thu, 13 Sep 2007 15:51:42 GMT
Hmmm... I thought that "deny,allow", as I had, was the right order. I 
mean, "first of all, nobody can get in. Then, if someone`s IP match 
'intranet', let him in"....

Anyway, I tried changing it, and it behaves the same: no SSL, works 
right. With SSL, everybody can get in...


Perhaps there is any limitation involving SSL and IP filtering (i dont 
know, something like the issue SSL-Vhosts, or so...)?

Any idea?

Thanks!


Phillip Hamilton escribió:
> I'm no ENV pro, but have you tried "Order Allow, Deny"?
>
> "deny,Allow"
> The deny directives are evaluated before the Allow directives. Access is
> allowed by default. Any client which does not match a deny directive or does
> match an Allow directive will be allowed access to the server."
>
>
> :)
>
> -----Original Message-----
> From: J.M. Castroagudin [mailto:jose.castroagudin@webfg.com] 
> Sent: Thursday, September 13, 2007 8:47 AM
> To: users@httpd.apache.org
> Subject: [users@httpd] Allow/Deny directive and https
>
> Hi everybody,
>
> I have been trying to limit access to certain 'directories' (inside a 
> https vhost) based on IP directives. Something like this:
>
>
> SetEnvIf remote_addr W.X.Y.Z intranet
> SetEnvIf Client-ip W.X.Y.Z intranet
>
>
> <VirtualHost *:443>
> DocumentRoot "/disc/html/https"
> ServerName secure.foo.com
>
> ....
>
> <Directory /disc/html/https/intranet>
>     Order Deny,Allow
>     Deny from All
>     Allow from env=intranet
> </Directory>
>
> ....
>
> </VirtualHost>
>
>
> There is only a https virtual host in this server.
>
> But it seems not to work as expected. Accesing via 
> 'http://secure.foo.com', Deny and Allow directives work right (it is 
> defined before in conf file). Although, entering via 
> 'https://secure.foo.com', everybody has acces to this directory...
>
>
> Is there a way to do this? I am beginning thinking it can not be 
> possible... it is?
>
> Thanks in advance,
>
> J.M.Castroagudín Silva
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>   


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message