Posted to users@httpd.apache.org by ma...@bellsouth.net on 2003/11/30 20:53:47 UTC

[users@httpd] Access Control

I am attempting to set up Apache to be very restrictive, and force
all users to authenticate before viewing the content on my web server.
After reading through the authentication documentation, I came up with:

<Directory />
    Options None
    AllowOverride None
    order allow,deny
    deny from all
</Directory>

# Force authentication of everything in the DocumentRoot
<Directory /opt/apache/htdocs>
     Options None
     AllowOverride None
     AuthType Basic
     AuthName "Authentication"
     AuthUserFile /opt/apache/conf/passwd
     Require valid-user
</Directory>

I am not getting prompted with the Basic authentication dialogue box, and
assume that Apache is ignoring the second directive altogether. Does
Apache use the longest or shortest item when evaluating Directory entries?

Thanks for any insight,
Matty

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] Access Control

Posted by Joshua Slive <jo...@slive.ca>.
On Sun, 30 Nov 2003 mattyml@bellsouth.net wrote:

> I am attempting to set up Apache to be very restrictive, and force
> all users to authenticate before viewing the content on my web server.
> After reading through the authentication documentation, I came up with:
>
> <Directory />
>     Options None
>     AllowOverride None
>     order allow,deny
>     deny from all
> </Directory>
>
> # Force authentication of everything in the DocumentRoot
> <Directory /opt/apache/htdocs>
>      Options None
>      AllowOverride None
>      AuthType Basic
>      AuthName "Authentication"
>      AuthUserFile /opt/apache/conf/passwd
>      Require valid-user
> </Directory>
>
> I am not getting prompted with the Basic authentication dialogue box, and
> assume that Apache is ignoring the second directive altogether. Does
> Apache use the longest or shortest item when evaluating Directory entries?

You are mixing two types of access control: host-based and user-auth.  The
first directory section restricts everything based on host.  The second
one adds a user-auth restriction to the /opt/apache/htdocs directory.
But since that directory is still restricted by host, you can't access it.

You can solve the problem by allowing any host to access
/opt/apache/htdocs by adding to that <Directory> section:

Order allow,deny
Allow from all

(You could also solve it by telling apache to let in a user if EITHER host
OR user-auth restrictions are met using "Satisfy any".  But that is a
less-secure configuration.)

Joshua.
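
The behaviour discussed in this thread, as an added example that is not part of either message and is not Apache's own code: a simplified Python model of how the two <Directory> sections combine (shortest path first, the longer section overriding) and how Satisfy decides between 403, 401 and 200. The dictionary keys, the function names and the treatment of Order/Allow/Deny as a group replaced by the more specific section are assumptions of this model.

```python
# Simplified model (constructed for illustration) of how Apache 2.0 combines
# <Directory> sections and applies Satisfy. Only "from all" host rules are modelled.
HOST_KEYS = ("order", "allow", "deny")
DOCROOT = "/opt/apache/htdocs"

def merge_sections(sections, path):
    """Apply matching sections shortest path first, so longer ones override."""
    merged = {}
    for prefix in sorted(sections, key=len):
        if path == prefix or path.startswith(prefix.rstrip("/") + "/"):
            cfg = sections[prefix]
            # Assumption: a section that sets any host rule replaces the
            # inherited Order/Allow/Deny as a group instead of adding to them.
            if any(k in cfg for k in HOST_KEYS):
                for k in HOST_KEYS:
                    merged.pop(k, None)
            merged.update(cfg)
    return merged

def host_allowed(cfg):
    allow, deny = cfg.get("allow") == "all", cfg.get("deny") == "all"
    if cfg.get("order", "deny,allow") == "allow,deny":
        return allow and not deny   # default deny, Deny beats Allow
    return allow or not deny        # default allow, Allow beats Deny

def status(cfg, authenticated):
    host_ok, needs_user = host_allowed(cfg), "require" in cfg
    if cfg.get("satisfy", "all") == "any":
        if host_ok or (needs_user and authenticated):
            return 200
        return 401 if needs_user else 403
    if not host_ok:
        return 403                  # refused before any password prompt
    return 200 if (authenticated or not needs_user) else 401

ROOT = {"order": "allow,deny", "deny": "all"}
AUTH = {"authtype": "Basic", "require": "valid-user"}
ORIGINAL = dict(AUTH)                                    # config as posted
FIXED = {**AUTH, "order": "allow,deny", "allow": "all"}  # reply's suggestion
SATISFY_ANY = {**AUTH, "satisfy": "any"}                 # reply's alternative

def evaluate(docroot_cfg, authenticated, path=DOCROOT + "/index.html"):
    cfg = merge_sections({"/": ROOT, DOCROOT: docroot_cfg}, path)
    return status(cfg, authenticated)

if __name__ == "__main__":
    for name, cfg in [("original", ORIGINAL), ("fixed", FIXED), ("satisfy any", SATISFY_ANY)]:
        print(name, evaluate(cfg, False), evaluate(cfg, True))
```

In this model the posted configuration returns 403 with or without credentials, which is why no password dialogue appears. Combining `Satisfy any` with a host rule that admits the client returns 200 without credentials, the case the reply calls less secure.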
