You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Brandon McMurray <mc...@endor.hsutx.edu> on 2002/06/05 23:33:54 UTC
Access Restriction problem in 1.3.24
Hello -
I'm having a problem successfully restricting directories by IP.
I compiled apache with --enable-module=access, and have the following
directives in my httpd.conf file:
LoadModule access_module libexec/mod_access.so
AddModule mod_access.c
I am able to restrict access to /server-info and /server-status, and to
directories which do not contain a DirectoryIndex document. I am not able
to restrict any directory that contains a DirectoryIndex document.
For example, in the same config file, this works:
<Location /server-status>
SetHandler server-status
Order Allow,Deny
Deny from all
Allow from 192.168.0.50
</Location>
But this does not:
<Directory /usr/local/apache/htdocs/private/>
Order Allow,Deny
Deny from all
Allow from 192.168.0.50
</directory>
I am using apache 1.3.24 on solaris 2.7.
I have read the docs on http://www.apache.org, as well as the FAQ. Please
advise.
Thanks in advance.
--
Brandon McMurray
mcmurray@endor.hsutx.edu
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Access Restriction problem in 1.3.24
Posted by Joshua Slive <jo...@slive.ca>.
On Thu, 6 Jun 2002, Brandon McMurray wrote:
> Joshua -
>
> The problem I'm facing is that my configuration is not restricting the
> pages by IP. With the configurations below in place, I can browse to the
> pages from any location. I have also tried Order Deny,Allow in the
> directives below, but received the same effect - I can still browse to the
> pages from any location. I have even tried this:
>
> Order Allow,Deny
> Deny from all
>
> And it's still not restricted. What else could be wrong?
Most likely, the restriction is getting overridden in another phase of
configuration processing. In particular, <Directory> sections are
evaluated before <Files>, <Location>, etc, so if you allow access in a
<Location> section applying to the same content, it will override your
"Deny from all". Check the rest of your config file.
Joshua.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Access Restriction problem in 1.3.24
Posted by Brandon McMurray <mc...@endor.hsutx.edu>.
Joshua -
The problem I'm facing is that my configuration is not restricting the
pages by IP. With the configurations below in place, I can browse to the
pages from any location. I have also tried Order Deny,Allow in the
directives below, but received the same effect - I can still browse to the
pages from any location. I have even tried this:
Order Allow,Deny
Deny from all
And it's still not restricted. What else could be wrong?
Regards,
-Brandon
On Wed, 5 Jun 2002, Joshua Slive wrote:
> Date: Wed, 05 Jun 2002 23:25:25 -0400
> From: Joshua Slive <jo...@slive.ca>
> Reply-To: users@httpd.apache.org
> To: users@httpd.apache.org
> Subject: Re: Access Restriction problem in 1.3.24
>
> Brandon McMurray wrote:
>
> > I am able to restrict access to /server-info and /server-status, and to
> > directories which do not contain a DirectoryIndex document. I am not able
> > to restrict any directory that contains a DirectoryIndex document.
> >
> > For example, in the same config file, this works:
>
> > Order Allow,Deny
> > Deny from all
> > Allow from 192.168.0.50
>
> > But this does not:
>
> > Order Allow,Deny
> > Deny from all
> > Allow from 192.168.0.50
>
> I hate to tell you this, but neither of those work. It is possible that
> you have some other directives that, by conicidence, seem to make the
> first one do what you want, but this is definitely a wrong configuration.
>
> Look at the docs for the Order directive. You will see that what you
> have will deny access to all hosts in all cases, because "Order
> Allow,Deny", causes the "Deny from all" to be evaluated last, overriding
> any Allow directives.
>
> Joshua.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
--
Brandon McMurray
mcmurray@endor.hsutx.edu
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Access Restriction problem in 1.3.24
Posted by Joshua Slive <jo...@slive.ca>.
Brandon McMurray wrote:
> I am able to restrict access to /server-info and /server-status, and to
> directories which do not contain a DirectoryIndex document. I am not able
> to restrict any directory that contains a DirectoryIndex document.
>
> For example, in the same config file, this works:
> Order Allow,Deny
> Deny from all
> Allow from 192.168.0.50
> But this does not:
> Order Allow,Deny
> Deny from all
> Allow from 192.168.0.50
I hate to tell you this, but neither of those work. It is possible that
you have some other directives that, by conicidence, seem to make the
first one do what you want, but this is definitely a wrong configuration.
Look at the docs for the Order directive. You will see that what you
have will deny access to all hosts in all cases, because "Order
Allow,Deny", causes the "Deny from all" to be evaluated last, overriding
any Allow directives.
Joshua.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org