Return-Path: 
 <users-return-75821-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@www.apache.org
Received: (qmail 45284 invoked from network); 25 Sep 2007 16:54:05 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 25 Sep 2007 16:54:05 -0000
Received: (qmail 29633 invoked by uid 500); 25 Sep 2007 16:53:46 -0000
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 29616 invoked by uid 500); 25 Sep 2007 16:53:46 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
List-Post: <mailto:users@httpd.apache.org>
List-Id: <users.httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 29605 invoked by uid 99); 25 Sep 2007 16:53:46 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 25 Sep 2007 09:53:46 -0700
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of jslive@gmail.com designates
 209.85.146.178 as permitted sender)
Received: from [209.85.146.178] (HELO wa-out-1112.google.com) (209.85.146.178)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 25 Sep 2007 16:53:46 +0000
Received: by wa-out-1112.google.com with SMTP id k22so2300584waf
        for <users@httpd.apache.org>; Tue, 25 Sep 2007 09:53:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=beta;
        h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth;
        bh=cewGtGVjsF1Dv9PGceRvqrEArlWLdW5jGcXnw2P/d58=;
        b=XrxCQMR2HVQzCLKJgC0hvDI3dSR17kAQjz+DJeocAYULl2TrXlFa10tZpyDutJ7lQQdX0KVTvY5KeGJJ87qwNafy38fYAJPaZxt1MYLLjPdyw8ubY2Eci2T3D4v7TH02WolIBeyi1WU7/yMWMhB6ZuKu/Bx241W/kBVA3gvCLjk=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth;
        b=lckBAp0pHhWVWofH7AAhn9Ms7QrvsodwvQlBZMjFTG5E07LTBA546AbCkx4rL4+frPRTCE2jjmnwHSAh88QI3tQZzo+giX95POD2GuUc43u7dl68u+YK1cxPEKTrB/qOOE0UYCKW4XKN1VUGQcoD9LY2/d8bMfza69EzpKvcbvI=
Received: by 10.114.197.1 with SMTP id u1mr1444366waf.1190739204809;
        Tue, 25 Sep 2007 09:53:24 -0700 (PDT)
Received: by 10.114.53.5 with HTTP; Tue, 25 Sep 2007 09:53:24 -0700 (PDT)
Message-ID: <e498c1660709250953s285fda92v70b5b63452dbddf2@mail.gmail.com>
Date: Tue, 25 Sep 2007 12:53:24 -0400
From: "Joshua Slive" <joshua@slive.ca>
Sender: jslive@gmail.com
To: users@httpd.apache.org
In-Reply-To: <46E93F41.8000804@webfg.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <46E93F41.8000804@webfg.com>
X-Google-Sender-Auth: 22ac1dd745363387
X-Virus-Checked: Checked by ClamAV on apache.org
Subject: Re: [users@httpd] Allow/Deny directive and https

On 9/13/07, J.M. Castroagudin <jose.castroagudin@webfg.com> wrote:
> Hi everybody,
>
> I have been trying to limit access to certain 'directories' (inside a
> https vhost) based on IP directives. Something like this:
>
>
> SetEnvIf remote_addr W.X.Y.Z intranet
> SetEnvIf Client-ip W.X.Y.Z intranet
>
>
> <VirtualHost *:443>
> DocumentRoot "/disc/html/https"
> ServerName secure.foo.com
>
> ....
>
> <Directory /disc/html/https/intranet>
>     Order Deny,Allow
>     Deny from All
>     Allow from env=intranet
> </Directory>
>
> ....
>
> </VirtualHost>
>
>
> There is only a https virtual host in this server.
>
> But it seems not to work as expected. Accesing via
> 'http://secure.foo.com', Deny and Allow directives work right (it is
> defined before in conf file). Although, entering via
> 'https://secure.foo.com', everybody has acces to this directory...

Start by replacing your mod_setenvif-based config with a simple "Deny
from all" and make sure that works. If it doesn't work, you likely
have something else in the config file overriding it. For example,
directives in <Location> sections will override <Directory> sections.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org