You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Jean-Luc Wasmer <jl...@wasmer.ca> on 2003/04/09 18:15:08 UTC
Re: [users@httpd] Access control for files outside DocumentRoot - Solved
> 1. Please read the docs on Order and consider the effect of that order
> directive. (Hint: All access will be denied if you end with "Deny from
> All".)
This wasn't my original setting. I was trying anything to have an denied
access. The server kept allowing the requests.
Anyway, I'm not sure (according to the docs) the order (not the "Order"
directive) of the Deny and Allow directives is relevant since Order will
decide which to evaluate first.
> 2. These directives in <Directory /> will probably be overridden by
> directives that apply lower down in the the directory tree and thus have
> no effect at all. An easy way to solve you particular problem is to use
> this:
>
> <Location />
> Order Deny,Allow
> Deny from All
> Allow from 192.168.0.0/255.255.255.0
> </Location>
>
> This works because <Location> sections are evaluated AFTER all <Directory>
> sections.
>
> See the docs on configuration sections.
That was my second option.
First I tried to put the Deny-Allow-Order directive directly in the
<VirtualHost> section.
I didn't work, so I check the docs:
Order Directive
[...]
Context: directory, .htaccess
Deny Directive
[...]
Context: directory, .htaccess
Allow Directive
[...]
Context: directory, .htaccess
I was mislead my the doc and didn't try with <Location>
The description should be:
Context: directory, location, .htaccess
Thank you Joshua :-)
JL
> -----Original Message-----
> From: Jean-Luc Wasmer
>
> Hi,
>
> I'm trying to control the access to _any_ file on the filesystem, eg any
> file in /.
> I need this because I have included files that are outside DocumentRoot
> and the Allow-Deny directives need to be in a <Directory> section.
>
> The following setting lets everybody in:
>
> <VirtualHost *:80>
> ServerName intranet.domain.com
> DocumentRoot /data/htdocs/intranet
> Include /usr/pkg/etc/httpd/services.conf
> <Directory />
> Order Allow,Deny
> Allow from 192.168.0.0/255.255.255.0
> Deny from All
> </Directory>
> </VirtualHost>
>
> Am I doing the right thing?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Access control for files outside DocumentRoot -Solved
Posted by Jean-Luc Wasmer <jl...@wasmer.ca>.
> > I was mislead my the doc and didn't try with <Location>
> > The description should be:
> > Context: directory, location, .htaccess
>
> If you click on the word "Context" in the listing, you will get this help
> page: http://httpd.apache.org/docs-2.0/mod/directive-dict.html#Context
> which tells you that a "Directory" context includes "Location" and "Files"
> unless otherwise mentioned.
Yeah... my mistake. That's why I didn't say there was an error in the doc.
I found the doc _misleading_
They should use a different word than "directory" when referring to
Directory, Location and Files.
If I'm asking about the color of your house, I'm not expecting to have the
color of house, your garden shed and your country bungalow ;-)
Anyway, that's not a big deal.
Thanks again.
JL
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Access control for files outside DocumentRoot -
Solved
Posted by Joshua Slive <jo...@slive.ca>.
On Wed, 9 Apr 2003, Jean-Luc Wasmer wrote:
> > 1. Please read the docs on Order and consider the effect of that order
> > directive. (Hint: All access will be denied if you end with "Deny from
> > All".)
> This wasn't my original setting. I was trying anything to have an denied
> access. The server kept allowing the requests.
> Anyway, I'm not sure (according to the docs) the order (not the "Order"
> directive) of the Deny and Allow directives is relevant since Order will
> decide which to evaluate first.
Yes, I slightly misspoke there. I meant to say that all access will be
denied if you have "Deny from all" and "Order allow,deny" together, since
the "deny" will be evaluated last, hence denying all access.
> That was my second option.
> First I tried to put the Deny-Allow-Order directive directly in the
> <VirtualHost> section.
> I didn't work, so I check the docs:
For the reason this doesn't work, see:
http://httpd.apache.org/docs-2.0/sections.html#mergin
As I said, other <Directory> sections are being evaluated later,
overriding your directives.
> Context: directory, .htaccess
>
> I was mislead my the doc and didn't try with <Location>
> The description should be:
> Context: directory, location, .htaccess
If you click on the word "Context" in the listing, you will get this help
page: http://httpd.apache.org/docs-2.0/mod/directive-dict.html#Context
which tells you that a "Directory" context includes "Location" and "Files"
unless otherwise mentioned.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org