httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matus UHLAR - fantomas <uh...@fantomas.sk>
Subject Re: [users@httpd] nested Require group?
Date Sat, 21 Aug 2010 14:41:43 GMT
On 18.08.10 11:23, Andrew Schulman wrote:
> I have outer and inner directories that I want to protect with different
> Require groups directives:
> 
>   <Directory /var/www/html>
>     Require group outer
>   </Directory
> 
>   <Directory /var/www/html/inner>
>     Require group inner
>   </Directory>
> 
> My hope was that the inner Require directive would override the outer one,
> allowing me to protect the inner directory with the more restrictive inner
> group.  Or equivalently, that the two Require group directives would be
> ANDed together.
> 
> Instead, it appears that the two directives are being ORed together,
> resulting in a *less* restrictive policy for the inner directory - the
> opposite of what I wanted.  Anyone in either the outer *or* the inner is
> allowed access to inner.

There is no AND and no OR here. In the /var/www/html/inner only the
"Require group inner" applies.

> Does this seem right?  Does anyone know of a way to AND Require group
> directives?

No. And note you must use different realms by specifying different AuthName
directives, otherwise it may confuse browsers. The access privileges to the
same realm (same AuthName) should be the same within whole realm.


-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
You have the right to remain silent. Anything you say will be misquoted,
then used against you. 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message