httpd-users mailing list archives

From "Eric Covener" <cove...@gmail.com>
Subject Re: [users@httpd] Deny/Allow directives within <Directory> have no effect [Workaround]
Date Mon, 29 Sep 2008 23:03:36 GMT
On Mon, Sep 29, 2008 at 5:20 PM, André Warnier <aw@ice-sa.com> wrote:
> Eric Covener wrote:
>>>>
>>>> <Directory "/path/to/protected">
>>>>        Order deny,allow
>>>>        Allow from 192.168
>>>>        Deny from all
>>>>        AllowOverride All
>>>>        Options -Indexes
>>>> </Directory>
>>
>>>> JkMount /protected/jsp/* tomcat_worker
>>
>>>> 141.x.x.x - - [23/Sep/2008:13:28:34 +0200] "GET /protected/index.html
>>>> HTTP/1.0" 200 7675 "-" "Wget/1.11"
>>
>> You need to use <Location>, not <Directory>.
>>
>> This content isn't served out of /path/to/protected, so the
>> configuration for that directory isn't applicable.
>>
> Hi Eric.
> What makes you say that the content for "GET /protected/index.html" is not
> served out of /path/to/protected ?
> (I'm not saying you're wrong, it's just that I don't see that from the
> available information. Did I miss something ?)

You're right, I misread the argument JkMount.

Since the rewrite occurs in .htaccess, access control should be
running twice -- before the rewriting where those rules would apply
and after where they'd no longer apply (for external users, they'd hit
the 403 the first time).

If the rules were in vhost context, only the second check would apply
and external users would be allowed in (because a proxied request
doesn't match any Directory container).

The report still seems to be "off" by one detail.

-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
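
An added configuration sketch, not part of the thread, of the vhost-context case the message describes: a `<Directory>` restriction that a proxied request never matches, next to a `<Location>` restriction that is matched on the URL path. The server name, backend address and RewriteRule are constructed for illustration; the access rules use the Apache 2.2 syntax of the quoted configuration.

```apache
# Constructed example; names, paths and the backend URL are assumptions.
# Requires mod_rewrite, mod_proxy and mod_proxy_http to be loaded.

<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot "/path/to"

    RewriteEngine On
    # Hypothetical rule in vhost context: the request is handed to the
    # proxy during URL translation, before any per-directory processing.
    RewriteRule ^/protected/(.*)$ http://127.0.0.1:8080/protected/$1 [P]

    # Filesystem-scoped. The proxied request is never mapped to a file
    # under /path/to/protected, so this container is not merged for it
    # and external clients are not denied by it.
    <Directory "/path/to/protected">
        Order deny,allow
        Allow from 192.168
        Deny from all
    </Directory>

    # URL-scoped. Matched against the request path itself, so it is
    # applied whether the response comes from disk, from the proxy,
    # or from another handler.
    <Location "/protected">
        Order deny,allow
        Allow from 192.168
        Deny from all
    </Location>
</VirtualHost>
```

A request for `/protected/index.html` from an address outside 192.168 is checked with something like `wget -S http://www.example.com/protected/index.html`; with the `<Location>` block in place the expected status is 403 rather than the 200 shown in the quoted access log.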

