You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by personaje <pe...@gmail.com> on 2004/07/09 23:18:01 UTC

[users@httpd] access from not restricted file to restricted file....

Hello,
    I'm using apache to serve a web page that has public and private
content. I am using .htaccess to restric the access to some
directories containing tar.gz's/images/ppts/pdfs, but the .php file
that serves this links is not under the influence of the .htaccess.
But when I have a link to one of the protected files from the
unprotected .php I get on the apache log :

==> /var/log/apache2/error_log <==
[Fri Jul 09 16:14:56 2004] [error] [client 200.114.181.66] client
denied by server configuration:
/home/aplicaciones/public_html/fotos/Otros/vieja-oficina.jpg

==> /var/log/apache2/access_log <==
200.114.181.66 - - [09/Jul/2004:16:14:56 -0300] "GET
/fotos/Otros/vieja-oficina.jpg HTTP/1.1" 403 370 "-" "Mozilla/5.0
(Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040614
Firefox/0.9"

under /home/aplicaciones/public_html/fotos/Otros I have this .htaccess :
AuthType Basic
AuthName "Aplicaciones Web Page"
AuthUserFile /etc/htpasswd

<limit GET>
        deny from all
        Require valid-user
</limit>

<files ".htaccess">
        deny from all
</files>

And on the browser I get the html I should, but I don't see any images...

Thanks,
Perso.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] access from not restricted file to restricted file....

Posted by personaje <pe...@gmail.com>.

Ok, that's what I get for copy/paste instead of reading...

I wanted to be prompted for user/password because, to load the file
there has to be a GET file... but it didn't worked as when I used the
same .htaccess to protect the whole site....

Now I read, and follow your recomendation and dumped the deny from all
and the limit and got to work.

Thanks.

On Fri, 9 Jul 2004 23:42:37 -0400, Joshua Slive <js...@gmail.com> wrote:
> 
> 
> On Fri, 9 Jul 2004 18:18:01 -0300, personaje <pe...@gmail.com> wrote:
> > Hello,
> >     I'm using apache to serve a web page that has public and private
> > content. I am using .htaccess to restric the access to some
> > directories containing tar.gz's/images/ppts/pdfs, but the .php file
> > that serves this links is not under the influence of the .htaccess.
> > But when I have a link to one of the protected files from the
> > unprotected .php I get on the apache log :
> >
> > ==> /var/log/apache2/error_log <==
> > [Fri Jul 09 16:14:56 2004] [error] [client 200.114.181.66] client
> > denied by server configuration:
> > /home/aplicaciones/public_html/fotos/Otros/vieja-oficina.jpg
> >
> > ==> /var/log/apache2/access_log <==
> > 200.114.181.66 - - [09/Jul/2004:16:14:56 -0300] "GET
> > /fotos/Otros/vieja-oficina.jpg HTTP/1.1" 403 370 "-" "Mozilla/5.0
> > (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040614
> > Firefox/0.9"
> >
> > under /home/aplicaciones/public_html/fotos/Otros I have this .htaccess :
> > AuthType Basic
> > AuthName "Aplicaciones Web Page"
> > AuthUserFile /etc/htpasswd
> >
> > <limit GET>
> >         deny from all
> >         Require valid-user
> > </limit>
> >
> > <files ".htaccess">
> >         deny from all
> > </files>
> >
> > And on the browser I get the html I should, but I don't see any images...
> 
> What exactly do you expect to happen and why?
> 
> I see a couple problems:
> 
> 1. Never use <Limit GET> (well... almost never, and certainly not in
> this case).  See the docs for <Limit> for the explanation.
> 
> 2. With that "deny from all", the "require valid-user" is kind of
> irrelevant.  Why do you have those both there?
> 
> Joshua.
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] access from not restricted file to restricted file....

Posted by Joshua Slive <js...@gmail.com>.

On Fri, 9 Jul 2004 18:18:01 -0300, personaje <pe...@gmail.com> wrote:
> Hello,
>     I'm using apache to serve a web page that has public and private
> content. I am using .htaccess to restric the access to some
> directories containing tar.gz's/images/ppts/pdfs, but the .php file
> that serves this links is not under the influence of the .htaccess.
> But when I have a link to one of the protected files from the
> unprotected .php I get on the apache log :
> 
> ==> /var/log/apache2/error_log <==
> [Fri Jul 09 16:14:56 2004] [error] [client 200.114.181.66] client
> denied by server configuration:
> /home/aplicaciones/public_html/fotos/Otros/vieja-oficina.jpg
> 
> ==> /var/log/apache2/access_log <==
> 200.114.181.66 - - [09/Jul/2004:16:14:56 -0300] "GET
> /fotos/Otros/vieja-oficina.jpg HTTP/1.1" 403 370 "-" "Mozilla/5.0
> (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040614
> Firefox/0.9"
> 
> under /home/aplicaciones/public_html/fotos/Otros I have this .htaccess :
> AuthType Basic
> AuthName "Aplicaciones Web Page"
> AuthUserFile /etc/htpasswd
> 
> <limit GET>
>         deny from all
>         Require valid-user
> </limit>
> 
> <files ".htaccess">
>         deny from all
> </files>
> 
> And on the browser I get the html I should, but I don't see any images...

What exactly do you expect to happen and why?

I see a couple problems:

1. Never use <Limit GET> (well... almost never, and certainly not in
this case).  See the docs for <Limit> for the explanation.

2. With that "deny from all", the "require valid-user" is kind of
irrelevant.  Why do you have those both there?

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org