httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Brooks <jason.bro...@eroi.com>
Subject [users@httpd] Apache 2.4 access control question
Date Tue, 18 Jul 2017 23:02:09 GMT
Hello,

This is on a ubuntu 16.04 LTS system running apache 2.4.18 (mpm_event) with php 7.0 running
in php-fpm mode.

I wish to completely block access to a directory in my document root except to a set of ip
addresses but it’s not working and I am trying to figure out what is happening.  

My .htaccess settings only seem to apply when only accessing the directory, but not when I
access a file IN that directory.

Is there a setting that allows access to files if explicitly referenced to in the url?

Here are my tests:
	
	Directory name: <documentroot>/opcache
	.htaccess contents: “require all denied”

	access to https://<myserver>/opcache is forbidden (OK!)

	access to https”//<myserver>/opcache/test.php is allowed. (What?)

The same thing happens if I don’t use a .htaccess file but instead define a <Directory>
section in my apache config.

Why would this happen?

—jason

Jason Brooks	Systems Administrator
eROI	Performance is Art.
 
m:	505 nw couch #300	w:	eroi.com <http://eroi.com/>
t:	503.290.3105	f:	503.228.4249


fb:	fb.com/eROI <http://www.facebook.com/eROI>









Mime
View raw message