You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Rojo Loco <ro...@hotmail.com> on 2004/12/13 21:12:27 UTC
[users@httpd] Question regarding Authentication in httpd.conf/apache2
I have an httpd.conf question regarding Authentication. My problem is as
follows.
Say, for example, that I'd like to protect /usr/local/www and all
subdirectories, EXCEPT /usr/local/www/unprotected.
When I do the following:
<Directory /usr/local/www>
AllowOverride None
Options FollowSymLinks
Order allow,deny
Allow from all
AuthUserFile /very/protected/path
AuthName "Login here please"
AuthType Basic
<Limit GET>
require valid-user
</Limit>
</Directory>
I can of course get /usr/local/www protected, and all subdirectories.
Can I in any way then after I have said the following above choose to NOT
protect a single subdirectory?
i.e.
<Directory /usr/local/www/unprotected>
I want to NOT require valid-user here and omit any Auth line...
</Directory>
Thanks,
Rojo Loco
===============================
rojoloco <ro...@hotmail.com>
===============================
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Question regarding Authentication in httpd.conf/apache2
Posted by Ralf Glauberman <rg...@michaeli-gymnasium.de>.
you could set satisfy any for this dir, but i don't know if this will work.
one tip: you should remove the limit get directive as you should limit
everything. else one would be able to see your files by sending a post in
place of a get.
ralf
----- Original Message -----
From: "Rojo Loco" <ro...@hotmail.com>
To: <us...@httpd.apache.org>
Sent: Monday, December 13, 2004 9:12 PM
Subject: [users@httpd] Question regarding Authentication in
httpd.conf/apache2
>I have an httpd.conf question regarding Authentication. My problem is as
>follows.
>
> Say, for example, that I'd like to protect /usr/local/www and all
> subdirectories, EXCEPT /usr/local/www/unprotected.
>
> When I do the following:
>
> <Directory /usr/local/www>
> AllowOverride None
> Options FollowSymLinks
> Order allow,deny
> Allow from all
> AuthUserFile /very/protected/path
> AuthName "Login here please"
> AuthType Basic
> <Limit GET>
> require valid-user
> </Limit>
> </Directory>
>
> I can of course get /usr/local/www protected, and all subdirectories.
> Can I in any way then after I have said the following above choose to NOT
> protect a single subdirectory?
>
> i.e.
> <Directory /usr/local/www/unprotected>
> I want to NOT require valid-user here and omit any Auth line...
> </Directory>
>
> Thanks,
>
> Rojo Loco
>
> ===============================
> rojoloco <ro...@hotmail.com>
> ===============================
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org