Posted to users@httpd.apache.org by Pedro LaWrench <pe...@yahoo.com> on 2007/05/29 22:33:07 UTC
[users@httpd] issues with control
In my main server, I allow all with
<Directory /mydocs>
Order allow,deny
Allow all
</Directory>
Then in a virtual server (different port) I have
<Directory />
Order deny,allow
Allow from 10.1.2.3
Deny from all
</Directory>
Yet, it appears that all hosts can access /mydocs through the virtual server.
Even with a deny for / in a virtual server config, is it true that more
specific directory entries *outside* the virtual server config will still be in
effect and take precedence?
Thanks,
PL
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] issues with control
Posted by Eric Covener <co...@gmail.com>.
Now serving a self-imposed email probation of 24h for two flubbed
responses in the same thread.
--
Eric Covener
covener@gmail.com
Re: [users@httpd] issues with control
Posted by Eric Covener <co...@gmail.com>.
On 5/29/07, Eric Covener <co...@gmail.com> wrote:
> Isn't this effectively:
>
> Order deny,allow
> Allow from 10.1.2.3
> Deny from all
> Allow from all
>
> Mind the order that 'Order' will evaluate the merged directives.
That was all pretty poorly presented. Your 'allow all' is evaluated
after your 'deny all' after things are merged together based on your
'Order' directive.
--
Eric Covener
covener@gmail.com
Re: [users@httpd] issues with control
Posted by Eric Covener <co...@gmail.com>.
On 5/29/07, Pedro LaWrench <pe...@yahoo.com> wrote:
>
> In my main server, I allow all with
> <Directory /mydocs>
> Order allow,deny
> Allow all
> </Directory>
>
> Then in a virtual server (different port) I have
> <Directory />
> Order deny,allow
> Allow from 10.1.2.3
> Deny from all
> </Directory>
>
> Yet, it appears that all hosts can access /mydocs through the virtual
> server.
> Even with a deny for / in a virtual server config, is it true that more
> specific directory entries *outside* the virtual server config will still
> be in
> effect and take precedence?
Isn't this effectively:
Order deny,allow
Allow from 10.1.2.3
Deny from all
Allow from all
Mind the order that 'Order' will evaluate the merged directives.
--
Eric Covener
covener@gmail.com
Re: [users@httpd] Access Question
Posted by Scott Wilcox <sc...@x0f.org>.
thank you muchly. :)
Ricky Zhou wrote:
> Scott Wilcox wrote:
>
>> and this works fine. The thing is, I have a directory inside this path,
>> called "data" which I need to allow all users access to. Is this
>> possible, and if so, how can I do it?
>>
> <Directory "/path/to/dir/data">
> Allow from all
> Satisfy Any
> </Directory>
>
> (See http://httpd.apache.org/docs/2.2/mod/core.html#satisfy)
>
> Hope this helps,
> Ricky
>
>
Re: [users@httpd] Access Question
Posted by Ricky Zhou <ri...@gmail.com>.
Scott Wilcox wrote:
> and this works fine. The thing is, I have a directory inside this path,
> called "data" which I need to allow all users access to. Is this
> possible, and if so, how can I do it?
<Directory "/path/to/dir/data">
Allow from all
Satisfy Any
</Directory>
(See http://httpd.apache.org/docs/2.2/mod/core.html#satisfy)
Hope this helps,
Ricky
[users@httpd] Access Question
Posted by Scott Wilcox <sc...@x0f.org>.
hey folks.
If I have the root of a virtual protected with:
<VirtualHost *:80>
DocumentRoot /path/to/dir
ServerName bob
<Directory "/path/to/dir">
AuthType Basic
AuthName "Network Services"
AuthBasicProvider file
AuthUserFile /path/to/file
Require valid-user
AllowOverride All
Options Indexes
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
and this works fine. The thing is, I have a directory inside this path,
called "data" which I need to allow all users access to. Is this
possible, and if so, how can I do it?
Scott.
Re: [users@httpd] issues with control
Posted by Pedro LaWrench <pe...@yahoo.com>.
--- Joshua Slive <jo...@slive.ca> wrote:
> On 5/29/07, Pedro LaWrench <pe...@yahoo.com> wrote:
> > In my main server, I allow all with
> > <Directory /mydocs>
> > Order allow,deny
> > Allow all
> > </Directory>
> >
> > Then in a virtual server (different port) I have
> > <Directory />
> > Order deny,allow
> > Allow from 10.1.2.3
> > Deny from all
> > </Directory>
> >
> > Yet, it appears that all hosts can access /mydocs through the virtual
> > server.
> > Even with a deny for / in a virtual server config, is it true that more
> > specific directory entries *outside* the virtual server config will still
> > be in
> > effect and take precedence?
>
> Yes. For each directory, apache checks first for <Directory> sections
> outside vhosts then for <directory> sections inside vhosts. It does
> not apply all outside <directory> sections followed by all inside
> <directory> sections.
>
> Joshua.
Thanks, that is consistent with what I am seeing, though it seems a tad
dangerous. (Looking only at the vhost config, one might believe that
everything from / on down is restricted.) I suppose if you are using vhosts,
you should only use directory controls within them, and not put any in the main
server that may have unintended consequences.
PL
Re: [users@httpd] issues with control
Posted by Joshua Slive <jo...@slive.ca>.
On 5/29/07, Pedro LaWrench <pe...@yahoo.com> wrote:
> In my main server, I allow all with
> <Directory /mydocs>
> Order allow,deny
> Allow all
> </Directory>
>
> Then in a virtual server (different port) I have
> <Directory />
> Order deny,allow
> Allow from 10.1.2.3
> Deny from all
> </Directory>
>
> Yet, it appears that all hosts can access /mydocs through the virtual server.
> Even with a deny for / in a virtual server config, is it true that more
> specific directory entries *outside* the virtual server config will still be in
> effect and take precedence?
Yes. For each directory, apache checks first for <Directory> sections
outside vhosts then for <directory> sections inside vhosts. It does
not apply all outside <directory> sections followed by all inside
<directory> sections.
Joshua.
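A small model of the ordering Joshua describes, added here as an illustration (not code from the thread or from Apache). It assumes that, for a request through the vhost, the last applicable <Directory> section decides host access; the function names, the client address 192.0.2.50 and the extra vhost `<Directory /mydocs>` section are constructed for the example.

```python
import ipaddress

# Constructed model of the thread's config (2.2-style Order/Allow/Deny).
# Section: (scope, directory, Order, Allow list, Deny list)
MAIN_MYDOCS = ("main", "/mydocs", "allow,deny", ["all"], [])
VHOST_ROOT = ("vhost", "/", "deny,allow", ["10.1.2.3"], ["all"])
# Hypothetical fix: repeat the restriction for /mydocs inside the vhost.
VHOST_MYDOCS = ("vhost", "/mydocs", "deny,allow", ["10.1.2.3"], ["all"])

def depth(directory):
    return len([p for p in directory.split("/") if p])

def applies(directory, path):
    return (directory == "/" or path == directory
            or path.startswith(directory.rstrip("/") + "/"))

def matches(specs, client):
    ip = ipaddress.ip_address(client)
    return any(s == "all" or ip in ipaddress.ip_network(s) for s in specs)

def effective_section(sections, path):
    """Shortest directory first; at equal depth, main server before vhost.
    Assumption: the last applicable section's settings are the ones in force."""
    hits = [s for s in sections if applies(s[1], path)]
    hits.sort(key=lambda s: (depth(s[1]), s[0] == "vhost"))
    return hits[-1] if hits else None

def allowed(sections, path, client):
    """Host-access decision for a request served through the vhost."""
    sec = effective_section(sections, path)
    if sec is None:
        return True  # model: no section means no host restriction
    _, _, order, allow, deny = sec
    a, d = matches(allow, client), matches(deny, client)
    if order == "allow,deny":
        return a and not d   # default deny; a matching Deny wins
    return a or not d        # deny,allow: default allow; a matching Allow wins

ORIGINAL = [MAIN_MYDOCS, VHOST_ROOT]
FIXED = ORIGINAL + [VHOST_MYDOCS]
```

With ORIGINAL, the main-server /mydocs section is applied after the vhost's / section, so the vhost's deny never reaches /mydocs; with FIXED, the vhost's own /mydocs section is applied last.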