httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "J.M. Castroagudin" <jose.castroagu...@webfg.com>
Subject Re: [users@httpd] Allow/Deny directive and https
Date Tue, 25 Sep 2007 13:28:38 GMT
Er... I don`t want to look like I am desperate... but i am actually a 
bit, hehe...

Anyone has any idea about this? am I doing something wrong?
any contribution will be welcome

Thank you all very much!


J.M. Castroagudin escribió:
> Hmmm... I thought that "deny,allow", as I had, was the right order. I 
> mean, "first of all, nobody can get in. Then, if someone`s IP match 
> 'intranet', let him in"....
>
> Anyway, I tried changing it, and it behaves the same: no SSL, works 
> right. With SSL, everybody can get in...
>
>
> Perhaps there is any limitation involving SSL and IP filtering (i dont 
> know, something like the issue SSL-Vhosts, or so...)?
>
> Any idea?
>
> Thanks!
>
>
> Phillip Hamilton escribió:
>> I'm no ENV pro, but have you tried "Order Allow, Deny"?
>>
>> "deny,Allow"
>> The deny directives are evaluated before the Allow directives. Access is
>> allowed by default. Any client which does not match a deny directive 
>> or does
>> match an Allow directive will be allowed access to the server."
>>
>>
>> :)
>>
>> -----Original Message-----
>> From: J.M. Castroagudin [mailto:jose.castroagudin@webfg.com] Sent: 
>> Thursday, September 13, 2007 8:47 AM
>> To: users@httpd.apache.org
>> Subject: [users@httpd] Allow/Deny directive and https
>>
>> Hi everybody,
>>
>> I have been trying to limit access to certain 'directories' (inside a 
>> https vhost) based on IP directives. Something like this:
>>
>>
>> SetEnvIf remote_addr W.X.Y.Z intranet
>> SetEnvIf Client-ip W.X.Y.Z intranet
>>
>>
>> <VirtualHost *:443>
>> DocumentRoot "/disc/html/https"
>> ServerName secure.foo.com
>>
>> ....
>>
>> <Directory /disc/html/https/intranet>
>>     Order Deny,Allow
>>     Deny from All
>>     Allow from env=intranet
>> </Directory>
>>
>> ....
>>
>> </VirtualHost>
>>
>>
>> There is only a https virtual host in this server.
>>
>> But it seems not to work as expected. Accesing via 
>> 'http://secure.foo.com', Deny and Allow directives work right (it is 
>> defined before in conf file). Although, entering via 
>> 'https://secure.foo.com', everybody has acces to this directory...
>>
>>
>> Is there a way to do this? I am beginning thinking it can not be 
>> possible... it is?
>>
>> Thanks in advance,
>>
>> J.M.Castroagudín Silva
>>
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server 
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server 
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>>   
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server 
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message