You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Ap...@spamgourmet.com on 2006/02/25 01:59:16 UTC
[users@httpd] .htaccess: How to "cut only the middle branch" from a directory
tree?
One bewildering observation on a low-traffic, co-hosted account (hence no logs,
& unusual first lines required in .htaccess) by a provider using Apache 1.3.29:
Some directories didn't seem to get the password protection they deserve.
I figured out that the protection on every level in the directory
tree can be obtained by creating this structure of subdirectories below root:
/1/2/3 - and then uploading an .htaccess with these contents into each of them:
PerlSetVar AuthFile /.htpasswd
AuthType Basic
AuthName "confidential documents"
require valid-user
Apache requires a password on http://site.dom/1/2/3, http://site.dom/1/2
and http://site.dom/1 - however when uploading a different .htaccess that
is supposed to open up (ONLY) http://site.dom/1/2 to the "middle" directory of
/1/2, something unexpected is caused by this /1/2/.htaccess file:
PerlSetVar AuthFile /.htpasswd
AuthType Basic
AuthName "wide open"
order deny,allow
Satisfy any
Besides directory 2, its subdirectory 3 becomes accessible without credentials,
as well, although the more restrictive version of .htaccess has remained in...3
and should therefore be unaffected by any changes to /1/2/.htaccess - is there
any explanation for this, and a way around the issue? (The format of .htaccess
being largely restricted by the hosting provider's requirements, of course...)?
If this is a "feature", how does one make sure that the .htaccess placed in the
"sub-sub-subdirectory" /1/2/3 is observed, so 3 will not be affected by changes
to the .htaccess for its parent directory, i.e. remain protected just like /1 ?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] .htaccess: How to "cut only the middle branch"
from a directory tree?
Posted by Robert Ionescu <ro...@googlemail.com>.
Apache.20.TEN@spamgourmet.com wrote:
> Apache requires a password on http://site.dom/1/2/3, http://site.dom/1/2
> and http://site.dom/1 - however when uploading a different .htaccess that
> is supposed to open up (ONLY) http://site.dom/1/2 to the "middle" directory of
> /1/2, something unexpected is caused by this /1/2/.htaccess file:
>
> PerlSetVar AuthFile /.htpasswd
> AuthType Basic
> AuthName "wide open"
> order deny,allow
> Satisfy any
>
> Besides directory 2, its subdirectory 3 becomes accessible without credentials,
> as well, although the more restrictive version of .htaccess has remained in...3
> and should therefore be unaffected by any changes to /1/2/.htaccess
Try to place a
Satisfy all
into /1/2/3/.htaccess
--
Robert
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org