You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Marc Patermann <ha...@ofd-sth.niedersachsen.de> on 2009/02/18 18:45:55 UTC
[users@httpd] webdav LimitExcept Lightning
Hi,
I have a WebDAV directory (apache httpd 2.2.8; Ubuntu 8.04)
with an .ics file in it. The .ics file is used with Thunderbird Lightning.
Authorization is configured in an .htaccess file in the directory as
follows:
AuthBasicProvider file
AuthType Basic
Authname "name"
AuthUserFile /path/to/file
Require valid-user
<LimitExcept GET OPTIONS>
Require user foo
</LimitExcept>
The auth file includes two users
foo and bar.
If I authenticate in Lightning as bar I get all the rights! I can send
even PUT and PROPFIND http commands. But <LimitExcept GET OPTIONS>
should prevend user bar from changing (PUT) the file, doesn't it?
For both users foo and bar it works just the same.
If I use an additional <Limit GET> section for valid-users, it works.
Where is my fault?
Marc
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] webdav LimitExcept Lightning
Posted by André Warnier <aw...@ice-sa.com>.
Marc Patermann wrote:
> Hi,
>
> I have a WebDAV directory (apache httpd 2.2.8; Ubuntu 8.04)
> with an .ics file in it. The .ics file is used with Thunderbird Lightning.
> Authorization is configured in an .htaccess file in the directory as
> follows:
>
> AuthBasicProvider file
> AuthType Basic
> Authname "name"
> AuthUserFile /path/to/file
> Require valid-user
> <LimitExcept GET OPTIONS>
> Require user foo
> </LimitExcept>
>
I suspect the "Require valid-user" overwhelms you "Require user foo".
Have you tried inverting the conditions, like :
> AuthBasicProvider file
> AuthType Basic
> Authname "name"
> AuthUserFile /path/to/file
> Require user foo
> <Limit GET OPTIONS>
> Require valid-user
> </Limit>
?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org