You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Ed Curtis <ed...@homes2see.com> on 2004/01/06 15:19:09 UTC

[users@httpd] Directory protection

I am having some trouble limiting access to a directory under a domain to
certain ip addresses. I am running apache version 1.3.26 on Debian Linux.
Here's my directive:

 <Directory test_area/>

  deny from all
  allow from 10.0.0.0/24

 </Directory>

What I'm trying to do is lock the directory 'test_area' for access only
from our internal lan (10.0.0.0/24). Everything within the Documentation
tells me that this is the way to do this but I can still access the
directory under our server root from outside our lan. Other directives
such as an AuthType directive posted below do work correctly.

 <Directory test_area/>

                AuthType Basic
                AuthName TESTAREA
                AuthGroupFile /dev/null
                AuthUserFile {path to .htpasswd file}

                <LIMIT GET POST PUT>
                require valid-user
                </LIMIT>

        </Directory>


Any ideas?

Thanks,

Ed



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Directory protection

Posted by Ed Curtis <ed...@homes2see.com>.

> Hi
>
> I think you forgot to add Order deny,allow:
>
> <Directory test_area/>
>      Order deny,allow
>      deny from all
>      allow from 10.0.0.0/24
> </Directory>

 Actually that was my mistake. The line 'Order deny,allow' is actually in
my config file.

Ed



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Directory protection

Posted by "Eimantas \"EnC\" Vaičiūnas" <ei...@lietuvoje.lt>.

Ed Curtis wrote:

> I am having some trouble limiting access to a directory under a domain to
> certain ip addresses. I am running apache version 1.3.26 on Debian Linux.
> Here's my directive:
> 
>  <Directory test_area/>
> 
>   deny from all
>   allow from 10.0.0.0/24
> 
>  </Directory>
> 

Hi

I think you forgot to add Order deny,allow:

<Directory test_area/>
     Order deny,allow
     deny from all
     allow from 10.0.0.0/24
</Directory>



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org