You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Marc Patermann <ha...@ofd-sth.niedersachsen.de> on 2009/02/18 18:45:55 UTC

[users@httpd] webdav LimitExcept Lightning

Hi,

I have a WebDAV directory (apache httpd 2.2.8; Ubuntu 8.04)
with an .ics file in it. The .ics file is used with Thunderbird Lightning.
Authorization is configured in an .htaccess file in the directory as 
follows:

AuthBasicProvider file
AuthType Basic
Authname "name"
AuthUserFile /path/to/file
Require valid-user
<LimitExcept GET OPTIONS>
   Require user foo
</LimitExcept>

The auth file includes two users
foo and bar.

If I authenticate in Lightning as bar I get all the rights! I can send 
even PUT and PROPFIND http commands. But <LimitExcept GET OPTIONS> 
should prevend user bar from changing (PUT) the file, doesn't it?
For both users foo and bar it works just the same.

If I use an additional <Limit GET> section for valid-users, it works.

Where is my fault?


Marc

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] webdav LimitExcept Lightning

Posted by André Warnier <aw...@ice-sa.com>.

Marc Patermann wrote:
> Hi,
> 
> I have a WebDAV directory (apache httpd 2.2.8; Ubuntu 8.04)
> with an .ics file in it. The .ics file is used with Thunderbird Lightning.
> Authorization is configured in an .htaccess file in the directory as 
> follows:
> 
> AuthBasicProvider file
> AuthType Basic
> Authname "name"
> AuthUserFile /path/to/file
> Require valid-user
> <LimitExcept GET OPTIONS>
>   Require user foo
> </LimitExcept>
> 
I suspect the "Require valid-user" overwhelms you "Require user foo".
Have you tried inverting the conditions, like :

 > AuthBasicProvider file
 > AuthType Basic
 > Authname "name"
 > AuthUserFile /path/to/file
 > Require user foo
 > <Limit GET OPTIONS>
 >   Require valid-user
 > </Limit>

?


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org