Return-Path: 
 <users-return-89851-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@www.apache.org
Received: (qmail 95881 invoked from network); 31 Jul 2009 14:11:52 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3)
  by minotaur.apache.org with SMTP; 31 Jul 2009 14:11:52 -0000
Received: (qmail 69670 invoked by uid 500); 31 Jul 2009 14:11:49 -0000
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 69636 invoked by uid 500); 31 Jul 2009 14:11:49 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
List-Post: <mailto:users@httpd.apache.org>
List-Id: <users.httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 69627 invoked by uid 99); 31 Jul 2009 14:11:49 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 31 Jul 2009 14:11:49 +0000
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of aw@ice-sa.com designates
 212.85.38.228 as permitted sender)
Received: from [212.85.38.228] (HELO tor.combios.es) (212.85.38.228)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 31 Jul 2009 14:11:38 +0000
Received: from localhost (localhost [127.0.0.1])
	by tor.combios.es (Postfix) with ESMTP id A183C226083
	for <users@httpd.apache.org>; Fri, 31 Jul 2009 16:11:17 +0200 (CEST)
Received: from tor.combios.es ([127.0.0.1])
	by localhost (tor.combios.es [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id XpzUrSqoT75a for <users@httpd.apache.org>;
	Fri, 31 Jul 2009 16:11:17 +0200 (CEST)
Received: from [192.168.245.129] (p549EA614.dip0.t-ipconnect.de
 [84.158.166.20])
	by tor.combios.es (Postfix) with ESMTPA id 5A1D122606E
	for <users@httpd.apache.org>; Fri, 31 Jul 2009 16:11:17 +0200 (CEST)
Message-ID: <4A72FB5C.1000201@ice-sa.com>
Date: Fri, 31 Jul 2009 16:10:36 +0200
From: =?UTF-8?B?QW5kcsOpIFdhcm5pZXI=?= <aw@ice-sa.com>
Reply-To: aw@ice-sa.com
User-Agent: Thunderbird 2.0.0.16 (Windows/20080708)
MIME-Version: 1.0
To: users@httpd.apache.org
References: 
 <98B22390C3C8E44EB51FDCE0064457EA0D07F48CC8@memoexch01.memoland.lan>
 <1249030456.51948.28.camel@strangepork.london.mintel.ad>
 <98B22390C3C8E44EB51FDCE0064457EA0D07F48EF3@memoexch01.memoland.lan>
In-Reply-To: 
 <98B22390C3C8E44EB51FDCE0064457EA0D07F48EF3@memoexch01.memoland.lan>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Checked: Checked by ClamAV on apache.org
Subject: Re: [users@httpd] Don't require authentication on a subfolder

Scott Brady wrote:
> 
> That worked (I had to put the "/public/" before the "/" 

and remove the trailing slash in "/public/", but it worked).
> 
Just to nitpick a bit :

The fact that you are using mod_SSPI leads me to believe you are running 
Apache on a Windows host.
In that case, you should read this document carefully :

http://httpd.apache.org/docs/2.2/mod/core.html#location

and particularly reflect on this paragraph :

<Location> sections operate completely outside the filesystem. This has 
several consequences. Most importantly, <Location>  directives should 
not be used to control access to filesystem locations. Since several 
different URLs may map to the same filesystem location, such access 
controls may by circumvented.

What that means is explained more completely here :

http://httpd.apache.org/docs/2.2/sections.html

in the section "What to use When".

If that is still not entirely clear, here is a summary :
- the Windows filesystem, in terms of locatiing directories and 
filenames, is case-insensitive.  In other words, "/dir" and "/DIR" and 
"/Dir" all lead to same place.
- the Apache <Location> directive applies to the URL, and IS 
case-sensitive.  In that case, "/public" and "/PUBLIC" are 2 different URLs.

So your section
<Location /public>
applies only to browser requests that come in as 
"http://yourhost/public".  It does not apply if a request comes as 
"http://yourhost/PUBLIC", although for both URLs, Apache will server the 
content of the same disk directory.

In your specific case, it does not really matter, because your intention 
is to release the security for your "public" directory, compared to the 
rest of the site.
But don't do the same for a "secret" part of your site.



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org