httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joshua Slive" <jos...@slive.ca>
Subject Re: [users@httpd] Allow/Deny directive and https
Date Tue, 25 Sep 2007 16:53:24 GMT
On 9/13/07, J.M. Castroagudin <jose.castroagudin@webfg.com> wrote:
> Hi everybody,
>
> I have been trying to limit access to certain 'directories' (inside a
> https vhost) based on IP directives. Something like this:
>
>
> SetEnvIf remote_addr W.X.Y.Z intranet
> SetEnvIf Client-ip W.X.Y.Z intranet
>
>
> <VirtualHost *:443>
> DocumentRoot "/disc/html/https"
> ServerName secure.foo.com
>
> ....
>
> <Directory /disc/html/https/intranet>
>     Order Deny,Allow
>     Deny from All
>     Allow from env=intranet
> </Directory>
>
> ....
>
> </VirtualHost>
>
>
> There is only a https virtual host in this server.
>
> But it seems not to work as expected. Accesing via
> 'http://secure.foo.com', Deny and Allow directives work right (it is
> defined before in conf file). Although, entering via
> 'https://secure.foo.com', everybody has acces to this directory...

Start by replacing your mod_setenvif-based config with a simple "Deny
from all" and make sure that works. If it doesn't work, you likely
have something else in the config file overriding it. For example,
directives in <Location> sections will override <Directory> sections.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message