Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 44676 invoked from network); 25 Sep 2007 13:30:00 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 25 Sep 2007 13:30:00 -0000 Received: (qmail 20041 invoked by uid 500); 25 Sep 2007 13:29:28 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 20028 invoked by uid 500); 25 Sep 2007 13:29:28 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 20017 invoked by uid 99); 25 Sep 2007 13:29:28 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 25 Sep 2007 06:29:28 -0700 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [217.116.17.66] (HELO web1.webfg.com) (217.116.17.66) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 25 Sep 2007 13:29:26 +0000 Received: from localhost (localhost [127.0.0.1]) by web1.webfg.com (Postfix) with ESMTP id AC885264647 for ; Tue, 25 Sep 2007 15:28:55 +0200 (CEST) Received: from web1.webfg.com ([127.0.0.1]) by localhost (web1 [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 14542-09 for ; Tue, 25 Sep 2007 15:28:52 +0200 (CEST) Received: from [192.168.0.124] (unknown [89.6.116.200]) by web1.webfg.com (Postfix) with ESMTP id 604A5264652 for ; Tue, 25 Sep 2007 15:28:52 +0200 (CEST) Message-ID: <46F90D06.2060002@webfg.com> Date: Tue, 25 Sep 2007 15:28:38 +0200 From: "J.M. Castroagudin" User-Agent: Thunderbird 1.5.0.13 (X11/20070824) MIME-Version: 1.0 To: users@httpd.apache.org References: <46E93F41.8000804@webfg.com> <013301c7f619$da711d90$8f5358b0$@biz> <46E95C8E.3000508@webfg.com> In-Reply-To: <46E95C8E.3000508@webfg.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at webfg.com X-Virus-Checked: Checked by ClamAV on apache.org Subject: Re: [users@httpd] Allow/Deny directive and https Er... I don`t want to look like I am desperate... but i am actually a bit, hehe... Anyone has any idea about this? am I doing something wrong? any contribution will be welcome Thank you all very much! J.M. Castroagudin escribi�: > Hmmm... I thought that "deny,allow", as I had, was the right order. I > mean, "first of all, nobody can get in. Then, if someone`s IP match > 'intranet', let him in".... > > Anyway, I tried changing it, and it behaves the same: no SSL, works > right. With SSL, everybody can get in... > > > Perhaps there is any limitation involving SSL and IP filtering (i dont > know, something like the issue SSL-Vhosts, or so...)? > > Any idea? > > Thanks! > > > Phillip Hamilton escribi�: >> I'm no ENV pro, but have you tried "Order Allow, Deny"? >> >> "deny,Allow" >> The deny directives are evaluated before the Allow directives. Access is >> allowed by default. Any client which does not match a deny directive >> or does >> match an Allow directive will be allowed access to the server." >> >> >> :) >> >> -----Original Message----- >> From: J.M. Castroagudin [mailto:jose.castroagudin@webfg.com] Sent: >> Thursday, September 13, 2007 8:47 AM >> To: users@httpd.apache.org >> Subject: [users@httpd] Allow/Deny directive and https >> >> Hi everybody, >> >> I have been trying to limit access to certain 'directories' (inside a >> https vhost) based on IP directives. Something like this: >> >> >> SetEnvIf remote_addr W.X.Y.Z intranet >> SetEnvIf Client-ip W.X.Y.Z intranet >> >> >> >> DocumentRoot "/disc/html/https" >> ServerName secure.foo.com >> >> .... >> >> >> Order Deny,Allow >> Deny from All >> Allow from env=intranet >> >> >> .... >> >> >> >> >> There is only a https virtual host in this server. >> >> But it seems not to work as expected. Accesing via >> 'http://secure.foo.com', Deny and Allow directives work right (it is >> defined before in conf file). Although, entering via >> 'https://secure.foo.com', everybody has acces to this directory... >> >> >> Is there a way to do this? I am beginning thinking it can not be >> possible... it is? >> >> Thanks in advance, >> >> J.M.Castroagud�n Silva >> >> >> >> --------------------------------------------------------------------- >> The official User-To-User support forum of the Apache HTTP Server >> Project. >> See for more info. >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org >> " from the digest: users-digest-unsubscribe@httpd.apache.org >> For additional commands, e-mail: users-help@httpd.apache.org >> >> >> >> --------------------------------------------------------------------- >> The official User-To-User support forum of the Apache HTTP Server >> Project. >> See for more info. >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org >> " from the digest: users-digest-unsubscribe@httpd.apache.org >> For additional commands, e-mail: users-help@httpd.apache.org >> >> >> > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server > Project. > See for more info. > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org > " from the digest: users-digest-unsubscribe@httpd.apache.org > For additional commands, e-mail: users-help@httpd.apache.org > > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org