httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Zembower, Kevin" <kzemb...@jhuccp.org>
Subject RE: [users@httpd] Complex authentication problem with LDAP and Apache 2.2.3
Date Fri, 28 Mar 2008 13:23:07 GMT
Joshua, thank you so much for your help. I implemented your suggestion
yesterday, and tested last night from home, and everything seemed to be
working. The solution seems counterintuitive to me; I don't think that I
would have thought of it on my own. Thanks, again.

-Kevin

-----Original Message-----
From: jslive@gmail.com [mailto:jslive@gmail.com] On Behalf Of Joshua
Slive
Sent: Thursday, March 27, 2008 2:23 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Complex authentication problem with LDAP and
Apache 2.2.3

On Thu, Mar 27, 2008 at 2:14 PM, Zembower, Kevin <kzembowe@jhuccp.org>
wrote:

>  However, in a separate section, I want to further restrict access to
>  just records in LDAP and exclude users who are originating from
inside
>  our LAN but don't have records in the LDAP.

>  This too seems to be working correctly from inside our LAN. I can
access
>  everything on the intranet site without authenticating, but if I want
>  anything in /staffonly/, I have to authenticate. When I do so, I can
>  access a document, such as /staffonly/test.html.
>
>  However, when I try to go directly to
>  http://centernet.jhuccp.org/staffonly/test.html from a host outside
of
>  our LAN, I get a 403 Forbidden error and this entry in the logs:
>  [Wed Mar 26 13:19:46 2008] [error] [client 98.218.13.184] client
denied
>  by server configuration:
/var/www/centernet/htdocs/staffonly/test.html
>
>  When I try to access the pages outside of the /staffonly/ directory
from
>  a host outside of our LAN, everything seems to work correctly after I
>  enter my credentials.

Because the Deny entries from the parent directory are inherited in
/staffonly/, when you change Satisfy to all, you completely deny
access to anyone on the Deny list. To fix that, just add
Allow from all
to the /staffonly/ directory section.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message