Posted to users@httpd.apache.org by Clint Davis <cd...@grayloon.com> on 2003/10/10 20:10:42 UTC

[users@httpd] Realm Protection

I have the following in my Apache 1.3.27 httpd.conf file. But, I can still
freely access documents in the "files" directory that are supposed to be
protected. What's wrong here?


<Directory /Volumes/Data/WebSites/www.nunn-better.com/5jc19p/files>
Options None
Order allow,deny
Allow from all
AuthName "NUNN-BETTER"
AuthType Basic
AuthUserFile /Library/Tenon/System/Configuration/users.txt
AuthGroupFile /Library/Tenon/System/Configuration/groups.txt
require user chatfield croyer dhughes dverdeyen dwadsworth
</Directory>


---------------------------------------------------------------------
Clint Davis
Webmaster / Interactive Media Specialist
Gray Loon Marketing Group, Inc.       http://www.grayloon.com
204 Main Street | Evansville, IN 47708 | Phone:812-422-9999
---------------------------------------------------------------------


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] Realm Protection

Posted by suomi <ap...@ayni.com>.
If you use directory, files, and location directives on a web site, you
must consider the following processing sequence:

The directives directory, directorymatch, files, filesmatch, location,
locationmatch are processed in that order, which means that a files
directive will overrun a directory directive (if that were possible),
and a location directive will overrun both of them.

Be aware that the location, locationmatch directives are processed last,
and they may invalidate any directory, directorymatch and files,
filesmatch directives. If you have a location, locationmatch directive
in the general setup in httpd.conf, it will overrun all
directory, directorymatch and files, filesmatch directives you specify in
particular virtual-server directives.


The order of processing these directives is never mentioned in any book
about Apache. And there are cases where it really gets important.

suomi

Clint Davis wrote:

>I have the following in my Apache 1.3.27 httpd.conf file. But, I can still
>freely access documents in the "files" directory that are supposed to be
>protected. What's wrong here?
>
>
><Directory /Volumes/Data/WebSites/www.nunn-better.com/5jc19p/files>
>Options None
>Order allow,deny
>Allow from all
>AuthName "NUNN-BETTER"
>AuthType Basic
>AuthUserFile /Library/Tenon/System/Configuration/users.txt
>AuthGroupFile /Library/Tenon/System/Configuration/groups.txt
>require user chatfield croyer dhughes dverdeyen dwadsworth
></Directory>


Re: [users@httpd] Realm Protection

Posted by Joshua Slive <jo...@slive.ca>.
On Mon, 13 Oct 2003, Clint Davis wrote:

> I have changed mine to match yours, but it's still not working :(
>
> <Directory /Volumes/Data/WebSites/www.nunn-better.com/5jc19p/files>
> AuthName "NUNN-BETTER"
> AuthType Basic
> AuthUserFile /Library/Tenon/System/Configuration/users.txt
> require valid-user
> </Directory>

What if you replace that stuff with simply
Order allow,deny
Deny from all

Does it deny access?

Are you sure it is not a browser caching issue?

Joshua.



Re: [users@httpd] Realm Protection [Solved]

Posted by Clint Davis <cd...@grayloon.com>.
I figured out the problem with some help from Tenon. Here's their response:

Your website is pointed to
/Library/Tenon/WebServer/WebSites/www.nunn-better.com for document
root. And the Access Control protection area should be defined as
/Library/Tenon/WebServer/WebSites/www.nunn-better.com/5jc19p/files.
This is because Apache isn't smart enough to associate
/Volumes/Data/WebSites/www.nunn-better.com/5jc19p/files with your
document root. They are treated as two different paths, and that's why
the realm didn't work. I reconfigured your httpd.conf file with
/Library/Tenon/WebServer/WebSites/www.nunn-better.com/5jc19p/files, and
it works fine now.



On 10/13/03 11:48 AM, "Clint Davis" <cd...@grayloon.com> wrote:

> I have changed mine to match yours, but it's still not working :(
> 
> <Directory /Volumes/Data/WebSites/www.nunn-better.com/5jc19p/files>
> AuthName "NUNN-BETTER"
> AuthType Basic
> AuthUserFile /Library/Tenon/System/Configuration/users.txt
> require valid-user
> </Directory>
> 
> 
> On 10/11/03 3:25 AM, "Dougie Leaver" <st...@dougiel.f2s.com> wrote:
> 
>>  Clint, as a very new user of Apache 2 I can offer my twopenn'orth worth,
>> 
>>> I have the following in my Apache 1.3.27 httpd.conf file. But, I can still
>>> freely access documents in the "files" directory that are supposed to be
>>> protected. What's wrong here?
>>> 
>>> 
>>> <Directory /Volumes/Data/WebSites/www.nunn-better.com/5jc19p/files>
>>> Options None
>>> Order allow,deny
>>> Allow from all
>>  Why have this here? It appears to allow everyone access.
>> 
>>> AuthName "NUNN-BETTER"
>>> AuthType Basic
>>> AuthUserFile /Library/Tenon/System/Configuration/users.txt
>>> AuthGroupFile /Library/Tenon/System/Configuration/groups.txt
>>> require user chatfield croyer dhughes dverdeyen dwadsworth
>>> </Directory>
>>  Then you try to DENY all except authorised users? And you seem to be
>> trying to use three types of authorisation. Surely you only need one group,
>> or one file or just the list of users. I've appended my own config which
>> seems to work OK using a password file in 2.0.47.
>> 
>> <Directory "C:/Program Files/Apache Group/Apache2/htdocs/private">
>> AuthType Basic
>> AuthName "Restricted Files"
>> AuthUserFile C:/.htpasswd
>> Require valid-user
>> </Directory>
>> 
>> This is straight from the Apache online guide but as I said I'm a new user so
>> could be wrong!
>> Thanks to those who keep Apache going and free, with the coming of broadband
>> I can now run my own web server.


---------------------------------------------------------------------
Clint Davis
Webmaster / Interactive Media Specialist
Gray Loon Marketing Group, Inc.       http://www.grayloon.com
204 Main Street | Evansville, IN 47708 | Phone:812-422-9999
---------------------------------------------------------------------
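
Added example, not part of any message in this thread: a Python check for the failure Tenon's response describes, flagging any <Directory> block that carries a Require line but whose path, as written, is not under a DocumentRoot or Alias target. The function names and the embedded sample config are constructed for illustration; the check compares path strings only and ignores .htaccess files and per-VirtualHost scoping.

```python
import re
import shlex
from posixpath import normpath

# Constructed sample modelled on the thread. The Alias line and the /admin
# block are invented here to show a served path and a correctly placed block.
SAMPLE_CONF = '''
DocumentRoot /Library/Tenon/WebServer/WebSites/www.nunn-better.com
Alias /icons/ "/Library/Tenon/WebServer/icons/"
<Directory /Volumes/Data/WebSites/www.nunn-better.com/5jc19p/files>
AuthType Basic
AuthUserFile /Library/Tenon/System/Configuration/users.txt
require valid-user
</Directory>
<Directory /Library/Tenon/WebServer/WebSites/www.nunn-better.com/admin>
AuthType Basic
Require valid-user
</Directory>
'''

def served_roots(conf):
    """Filesystem paths URLs map onto: DocumentRoot plus Alias/ScriptAlias targets."""
    roots = []
    for line in conf.splitlines():
        m = re.match(r'\s*(DocumentRoot|Alias|ScriptAlias)\s+(.+)', line, re.I)
        if m:
            roots.append(normpath(shlex.split(m.group(2))[-1]))
    return roots

def unreachable_auth_dirs(conf):
    """Return <Directory> paths that hold a Require line but sit under no served
    root. Plain string comparison: no symlink or mount resolution."""
    roots = served_roots(conf)
    flagged, current, has_require = [], None, False
    for line in conf.splitlines():
        s = line.strip()
        m = re.match(r'<Directory\s+(.+?)>$', s, re.I)
        if m:
            current, has_require = normpath(shlex.split(m.group(1))[0]), False
        elif current and re.match(r'require\s', s, re.I):
            has_require = True
        elif current and s.lower() == '</directory>':
            under = any((current + '/').startswith(r.rstrip('/') + '/') for r in roots)
            if has_require and not under:
                flagged.append(current)
            current = None
    return flagged

if __name__ == '__main__':
    print(unreachable_auth_dirs(SAMPLE_CONF))
```

A flagged path is a candidate for review rather than a proven hole: the block may be intentional if the directory is reached through a mapping this check does not parse.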




Re: [users@httpd] Realm Protection

Posted by Clint Davis <cd...@grayloon.com>.
I have changed mine to match yours, but it's still not working :(

<Directory /Volumes/Data/WebSites/www.nunn-better.com/5jc19p/files>
AuthName "NUNN-BETTER"
AuthType Basic
AuthUserFile /Library/Tenon/System/Configuration/users.txt
require valid-user
</Directory>


On 10/11/03 3:25 AM, "Dougie Leaver" <st...@dougiel.f2s.com> wrote:

>  Clint, as a very new user of Apache 2 I can offer my twopenn'orth worth,
> 
>> I have the following in my Apache 1.3.27 httpd.conf file. But, I can still
>> freely access documents in the "files" directory that are supposed to be
>> protected. What's wrong here?
>> 
>> 
>> <Directory /Volumes/Data/WebSites/www.nunn-better.com/5jc19p/files>
>> Options None
>> Order allow,deny
>> Allow from all
>  Why have this here? It appears to allow everyone access.
> 
>> AuthName "NUNN-BETTER"
>> AuthType Basic
>> AuthUserFile /Library/Tenon/System/Configuration/users.txt
>> AuthGroupFile /Library/Tenon/System/Configuration/groups.txt
>> require user chatfield croyer dhughes dverdeyen dwadsworth
>> </Directory>
>  Then you try to DENY all except authorised users? And you seem to be
> trying to use three types of authorisation. Surely you only need one group,
> or one file or just the list of users. I've appended my own config which
> seems to work OK using a password file in 2.0.47.
> 
> <Directory "C:/Program Files/Apache Group/Apache2/htdocs/private">
> AuthType Basic
> AuthName "Restricted Files"
> AuthUserFile C:/.htpasswd
> Require valid-user
> </Directory>
> 
> This is straight from the Apache online guide but as I said I'm a new user so
> could be wrong!
> Thanks to those who keep Apache going and free, with the coming of broadband
> I can now run my own web server.


---------------------------------------------------------------------
Clint Davis
Webmaster / Interactive Media Specialist
Gray Loon Marketing Group, Inc.       http://www.grayloon.com
204 Main Street | Evansville, IN 47708 | Phone:812-422-9999
---------------------------------------------------------------------




Re: [users@httpd] Realm Protection

Posted by Dougie Leaver <st...@dougiel.f2s.com>.
   Clint, as a very new user of Apache 2 I can offer my twopenn'orth worth,

> I have the following in my Apache 1.3.27 httpd.conf file. But, I can still
> freely access documents in the "files" directory that are supposed to be
> protected. What's wrong here?
>
>
> <Directory /Volumes/Data/WebSites/www.nunn-better.com/5jc19p/files>
> Options None
> Order allow,deny
> Allow from all
   Why have this here? It appears to allow everyone access.

> AuthName "NUNN-BETTER"
> AuthType Basic
> AuthUserFile /Library/Tenon/System/Configuration/users.txt
> AuthGroupFile /Library/Tenon/System/Configuration/groups.txt
> require user chatfield croyer dhughes dverdeyen dwadsworth
> </Directory>
   Then you try to DENY all except authorised users? And you seem to be
trying to use three types of authorisation. Surely you only need one group,
or one file or just the list of users. I've appended my own config which
seems to work OK using a password file in 2.0.47.

<Directory "C:/Program Files/Apache Group/Apache2/htdocs/private">
AuthType Basic
AuthName "Restricted Files"
AuthUserFile C:/.htpasswd
Require valid-user
</Directory>

This is straight from the Apache online guide but as I said I'm a new user so
could be wrong!
Thanks to those who keep Apache going and free, with the coming of broadband
I can now run my own web server.
  DougieLeaver

