Return-Path: X-Original-To: apmail-httpd-users-archive@www.apache.org Delivered-To: apmail-httpd-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id D571410F6A for ; Fri, 4 Apr 2014 12:44:32 +0000 (UTC) Received: (qmail 72888 invoked by uid 500); 4 Apr 2014 12:44:30 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 72432 invoked by uid 500); 4 Apr 2014 12:44:29 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 72421 invoked by uid 99); 4 Apr 2014 12:44:27 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 04 Apr 2014 12:44:27 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of covener@gmail.com designates 209.85.219.50 as permitted sender) Received: from [209.85.219.50] (HELO mail-oa0-f50.google.com) (209.85.219.50) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 04 Apr 2014 12:44:23 +0000 Received: by mail-oa0-f50.google.com with SMTP id i7so3518964oag.9 for ; Fri, 04 Apr 2014 05:44:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=M6uPIKr6vBjUEfpE4mRxcwcXjdMmj9klDLgZ5+T6UcI=; b=Vw6d/oiuRj3C9dRH/9F1CalP+LoR+cy4pJvhU8J9Mxzoa3AvVahaNAU1I+2O1l92n6 8EFtE6qF703StqVpoQJLWNHIjUsSfLirsczHimGpuJOeMycDqieMXt1kmrRiP+grdjou wxMGzivEUJSn3ryXw++/eG7JNzx4xtCOyW/Ku+FXiIMqxZQ/wTPgPvPEPb5H06Y/clx6 uU9eX8J0xQj1Xkpm4ZH27YgZLu8DdDw2gxn0pB2tOkIYEpnEc5F0+AxTncCZcJhH9YMH TafwknHVWSDEKBS4BAN0+HwqcSuAnp5MDRbs6ybF9UTsKsssl26WHkI3fIjn222wOLHE HiEA== MIME-Version: 1.0 X-Received: by 10.60.157.167 with SMTP id wn7mr18857009oeb.7.1396615442873; Fri, 04 Apr 2014 05:44:02 -0700 (PDT) Received: by 10.60.161.68 with HTTP; Fri, 4 Apr 2014 05:44:02 -0700 (PDT) In-Reply-To: <20140404083808.0e4fe84f@imp> References: <20140404083808.0e4fe84f@imp> Date: Fri, 4 Apr 2014 08:44:02 -0400 Message-ID: From: Eric Covener To: users@httpd.apache.org Content-Type: text/plain; charset=ISO-8859-1 X-Virus-Checked: Checked by ClamAV on apache.org Subject: Re: [users@httpd] Can't restrict file access Maybe you have a covering the same space with other access control? If you overlap directory/files with location, bad things happen. On Fri, Apr 4, 2014 at 8:38 AM, D'Arcy J.M. Cain wrote: > I just noticed that files that should be blocked can easily be seen on > my server. I have the following code in my httpd.conf yes anyone can > view my svn repository or read my .htaccess files. I think that the > first one was actually part of the sample config from Apache. Can > anyone see a problem? I checked the web and found other ways to > protect those files but none of them work either. > > > Order allow,deny > Deny from all > Satisfy All > > > > Order allow,deny > Deny from all > Satisfy All > > > -- > D'Arcy J.M. Cain > System Administrator, Vex.Net > http://www.Vex.Net/ IM:darcy@Vex.Net > VoIP: sip:darcy@Vex.Net > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org > For additional commands, e-mail: users-help@httpd.apache.org > -- Eric Covener covener@gmail.com --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org