Posted to users@httpd.apache.org by Bob Alexander <rj...@yahoo.com> on 2003/10/29 13:24:54 UTC

[users@httpd] Please provide opinion on best practice to limit access to a subtree

My Apache users can use http to navigate through my site which is hosted 
on my filesystem under /var/www.

Under /var/www/private I want only https to be used (including the 
preliminary basic authentication).

This is what I have done:
/etc/apache/httpd.conf:
....
<Directory /var/www/private>
    Order Allow,Deny
    Deny from all
</Directory>

and in

/etc/apache-ssl/httpd.conf:
....
<Directory /var/www/private>
    AllowOverride None
    AuthName "Restricted Area"
    AuthType Basic
    AuthUserFile ..... (this one is 0600 for www-data the daemon userid).
    require valid-user
</Directory>

(I do not like htpasswd files ...).

This works as intended but I do not know if there is some simpler, safer 
solution.

Thank you for any advice. Bob Alexander





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
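
Added example (not part of the original post, and not Apache project code): a small Python lint for the two-file layout described in the message, which reports when the plain-HTTP config fails to deny the subtree or the SSL config fails to require authentication. The sample configs are constructed, the AuthUserFile path is a placeholder, and the names directory_blocks and check_split are hypothetical; it reads only <Directory> blocks and ignores Include, <VirtualHost>, <Location> and .htaccess.

```python
import re

# Constructed samples modelled on the post; the AuthUserFile path is a placeholder.
HTTP_CONF = """
<Directory /var/www/private>
    Order Allow,Deny
    Deny from all
</Directory>
"""
SSL_CONF = """
<Directory /var/www/private>
    AllowOverride None
    AuthName "Restricted Area"
    AuthType Basic
    AuthUserFile /path/to/PLACEHOLDER
    require valid-user
</Directory>
"""
BLOCK = re.compile(r'<Directory\s+"?([^">]+?)"?\s*>(.*?)</Directory>', re.S | re.I)

def directory_blocks(conf):
    """Map each <Directory> path to its directives, lowercased and whitespace-normalised."""
    blocks = {}
    for path, body in BLOCK.findall(conf):
        lines = (" ".join(l.split()).lower() for l in body.splitlines())
        blocks[path.rstrip("/")] = [l for l in lines if l and not l.startswith("#")]
    return blocks

def check_split(http_conf, ssl_conf, path):
    """Return a list of problems with the two-instance protection of `path`."""
    problems = []
    http, ssl = (directory_blocks(c).get(path) for c in (http_conf, ssl_conf))
    if http is None:
        problems.append("http: no well-formed <Directory> block")
    else:
        if "deny from all" not in http:
            problems.append("http: missing 'Deny from all'")
        if any(l.startswith("allow from") for l in http):
            problems.append("http: 'Allow from' present, review Order")
    if ssl is None:
        problems.append("ssl: no well-formed <Directory> block")
    else:
        for needed in ("authtype", "authuserfile", "require"):
            if not any(l.split()[0] == needed for l in ssl):
                problems.append("ssl: missing " + needed)
    return problems

if __name__ == "__main__":
    print(check_split(HTTP_CONF, SSL_CONF, "/var/www/private") or "ok")
```

An empty list means both blocks have the directives the layout depends on; a block whose closing tag is malformed is reported as missing.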