You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Bob Alexander <rj...@yahoo.com> on 2003/10/29 13:24:54 UTC
[users@httpd] Please provide opinion on best practice to limit access to a subtree
My Apache users can use http to navigate through my site which is hosted
on my filesystem under /var/www.
Under /var/www/private I want only https to be used (including the
preliminary basic authentication).
This is what I have done:
/etc/apache/httpd.conf:
....
<Directory /var/www/private>
Order Allow,Deny
Deny from all
</Directory)
and in
/etc/apache-ssl/httpd.conf:
....
<Directory /var/www/private>
AllowOverride None
AuthName "Restricted Area"
AuthType Basic
AuthUserFile ..... (this one is 0600 for www-data the daemon userid).
require valid-user
</Directory>
(I do not like htpasswd files ...).
This works as intended but I do not know if there is some simpler, safer
solution.
Thank you for any advice. Bob Alexander
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org