You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "King Holger (CI/AFP2)" <Ho...@de.bosch.com> on 2013/09/24 12:05:56 UTC
[users@httpd] Apache 2.4 | "require" and AuthMerging
Dear Apache community,
we just wonder why when using the following configuration:
# allow using the "/" directory of this virtual host by all
<Location />
Require all granted
</Location>
Alias /fslogs /opt/wcms/fs4/log
<Directory /opt/wcms/fs4/log>
IndexIgnore .. fs4.pid fs-wrapper.log fs-gc.log
IndexOptions +FancyIndexing
Options +Indexes
AuthType Basic
AuthName "Restricted access"
AuthBasicProvider file
AuthUserFile /tmp/passwd
Require valid-user
</Directory>
the default handling of overwriting access directives in sub contexts does not work properly (AuthMerging off). Might it be due to the two directives "Location" and "Directory"? We expected that for "/opt/wcms/fs4/log" just authenticated and valid users should have access. So, access should be limited. Instead we see that everybody can browse the directory.
Kind regards,
Holger King
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache 2.4 | "require" and AuthMerging
Posted by Eric Covener <co...@gmail.com>.
Location has higher precedence than Directory. It's merged after, not before.
On Tue, Sep 24, 2013 at 6:05 AM, King Holger (CI/AFP2)
<Ho...@de.bosch.com> wrote:
> Dear Apache community,
>
> we just wonder why when using the following configuration:
>
> # allow using the "/" directory of this virtual host by all
> <Location />
> Require all granted
> </Location>
>
> Alias /fslogs /opt/wcms/fs4/log
> <Directory /opt/wcms/fs4/log>
> IndexIgnore .. fs4.pid fs-wrapper.log fs-gc.log
> IndexOptions +FancyIndexing
> Options +Indexes
>
> AuthType Basic
> AuthName "Restricted access"
> AuthBasicProvider file
> AuthUserFile /tmp/passwd
> Require valid-user
> </Directory>
>
> the default handling of overwriting access directives in sub contexts does not work properly (AuthMerging off). Might it be due to the two directives "Location" and "Directory"? We expected that for "/opt/wcms/fs4/log" just authenticated and valid users should have access. So, access should be limited. Instead we see that everybody can browse the directory.
>
> Kind regards,
> Holger King
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org