You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by personaje <pe...@gmail.com> on 2004/07/09 23:18:01 UTC
[users@httpd] access from not restricted file to restricted file....
Hello,
I'm using apache to serve a web page that has public and private
content. I am using .htaccess to restric the access to some
directories containing tar.gz's/images/ppts/pdfs, but the .php file
that serves this links is not under the influence of the .htaccess.
But when I have a link to one of the protected files from the
unprotected .php I get on the apache log :
==> /var/log/apache2/error_log <==
[Fri Jul 09 16:14:56 2004] [error] [client 200.114.181.66] client
denied by server configuration:
/home/aplicaciones/public_html/fotos/Otros/vieja-oficina.jpg
==> /var/log/apache2/access_log <==
200.114.181.66 - - [09/Jul/2004:16:14:56 -0300] "GET
/fotos/Otros/vieja-oficina.jpg HTTP/1.1" 403 370 "-" "Mozilla/5.0
(Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040614
Firefox/0.9"
under /home/aplicaciones/public_html/fotos/Otros I have this .htaccess :
AuthType Basic
AuthName "Aplicaciones Web Page"
AuthUserFile /etc/htpasswd
<limit GET>
deny from all
Require valid-user
</limit>
<files ".htaccess">
deny from all
</files>
And on the browser I get the html I should, but I don't see any images...
Thanks,
Perso.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] access from not restricted file to restricted file....
Posted by personaje <pe...@gmail.com>.
Ok, that's what I get for copy/paste instead of reading...
I wanted to be prompted for user/password because, to load the file
there has to be a GET file... but it didn't worked as when I used the
same .htaccess to protect the whole site....
Now I read, and follow your recomendation and dumped the deny from all
and the limit and got to work.
Thanks.
On Fri, 9 Jul 2004 23:42:37 -0400, Joshua Slive <js...@gmail.com> wrote:
>
>
> On Fri, 9 Jul 2004 18:18:01 -0300, personaje <pe...@gmail.com> wrote:
> > Hello,
> > I'm using apache to serve a web page that has public and private
> > content. I am using .htaccess to restric the access to some
> > directories containing tar.gz's/images/ppts/pdfs, but the .php file
> > that serves this links is not under the influence of the .htaccess.
> > But when I have a link to one of the protected files from the
> > unprotected .php I get on the apache log :
> >
> > ==> /var/log/apache2/error_log <==
> > [Fri Jul 09 16:14:56 2004] [error] [client 200.114.181.66] client
> > denied by server configuration:
> > /home/aplicaciones/public_html/fotos/Otros/vieja-oficina.jpg
> >
> > ==> /var/log/apache2/access_log <==
> > 200.114.181.66 - - [09/Jul/2004:16:14:56 -0300] "GET
> > /fotos/Otros/vieja-oficina.jpg HTTP/1.1" 403 370 "-" "Mozilla/5.0
> > (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040614
> > Firefox/0.9"
> >
> > under /home/aplicaciones/public_html/fotos/Otros I have this .htaccess :
> > AuthType Basic
> > AuthName "Aplicaciones Web Page"
> > AuthUserFile /etc/htpasswd
> >
> > <limit GET>
> > deny from all
> > Require valid-user
> > </limit>
> >
> > <files ".htaccess">
> > deny from all
> > </files>
> >
> > And on the browser I get the html I should, but I don't see any images...
>
> What exactly do you expect to happen and why?
>
> I see a couple problems:
>
> 1. Never use <Limit GET> (well... almost never, and certainly not in
> this case). See the docs for <Limit> for the explanation.
>
> 2. With that "deny from all", the "require valid-user" is kind of
> irrelevant. Why do you have those both there?
>
> Joshua.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] access from not restricted file to restricted file....
Posted by Joshua Slive <js...@gmail.com>.
On Fri, 9 Jul 2004 18:18:01 -0300, personaje <pe...@gmail.com> wrote:
> Hello,
> I'm using apache to serve a web page that has public and private
> content. I am using .htaccess to restric the access to some
> directories containing tar.gz's/images/ppts/pdfs, but the .php file
> that serves this links is not under the influence of the .htaccess.
> But when I have a link to one of the protected files from the
> unprotected .php I get on the apache log :
>
> ==> /var/log/apache2/error_log <==
> [Fri Jul 09 16:14:56 2004] [error] [client 200.114.181.66] client
> denied by server configuration:
> /home/aplicaciones/public_html/fotos/Otros/vieja-oficina.jpg
>
> ==> /var/log/apache2/access_log <==
> 200.114.181.66 - - [09/Jul/2004:16:14:56 -0300] "GET
> /fotos/Otros/vieja-oficina.jpg HTTP/1.1" 403 370 "-" "Mozilla/5.0
> (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040614
> Firefox/0.9"
>
> under /home/aplicaciones/public_html/fotos/Otros I have this .htaccess :
> AuthType Basic
> AuthName "Aplicaciones Web Page"
> AuthUserFile /etc/htpasswd
>
> <limit GET>
> deny from all
> Require valid-user
> </limit>
>
> <files ".htaccess">
> deny from all
> </files>
>
> And on the browser I get the html I should, but I don't see any images...
What exactly do you expect to happen and why?
I see a couple problems:
1. Never use <Limit GET> (well... almost never, and certainly not in
this case). See the docs for <Limit> for the explanation.
2. With that "deny from all", the "require valid-user" is kind of
irrelevant. Why do you have those both there?
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org