Re: Apache authentication question, how to disable in a sub-directory

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2008-03-13 at 14:20 +0000, Chris G wrote:
> On Thu, Mar 13, 2008 at 05:59:50AM -0700, Craig White wrote:
> > On Thu, 2008-03-13 at 12:25 +0000, Chris G wrote:
> > > I am running Fedora 8 with Apache 2.2.
> > > 
> > > I have a section of my web site which is password protected for
> > > outside (i.e. non LAN) users, this uses the standard sequence as
> > > follows:-
> > > 
> > >     AuthType Basic
> > >     AuthName "ISBD Home Server"
> > >     AuthUserFile /etc/httpd/conf/passwd
> > >     Require valid-user
> > > 
> > > So far so good, it works as intended.
> > > 
> > > However I want to further restrict access to a lower sub-directory such
> > > that it isn't accessible to outside users at all.  How can I do this?
> > > Allow/Deny directives don't do what I want because they don't affect
> > > the above password authentication.  What I want is some directive that
> > > explicitly *removes* password authenticated access from a directory.
> > > 
> > > 
> > > If I add a "Satisfy All" directive to the sub-directory then the
> > > effect is to prevent outside access (which is what I want) but in
> > > adddition LAN users have to enter a valid name/password which I don't
> > > want to have to do.
> > > 
> > > 
> > > The best solution I have come up with so far is to add "Require
> > > aNonexistentUser" to the sub-directory, it asks for a name/password
> > > but no valid ones exist.  However, as I said, I'd really like to say
> > > "don't try password authentication here at all".
> > ----
> > This probably depends upon what the purpose of this non-accessible
> > subdirectory is.
> > 
> > If you don't want apache to access this directory at all, consider that
> > httpd runs as user:group apache:apache and thus if you were to chmod
> > o-x /path/to/this/subdirectory, httpd (apache) would not be able to read
> > the contents, thus it would not be available to anyone via apache. Only
> > root, owner and group members of the ownership of that directory would
> > be able to enter the subdirectory (i.e., would require some login
> > shell).
> > 
> Ah, but I *do* want apache to be able to access the directory.  It has
> access because there are Allow/Deny directives that let local LAN
> users access the directory.  I just want to prevent remote users
> getting access, even with a password.
----
in that case, I think this would be a better answer...

http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html

Allow from 192.168.0.0/24

which requires module authz_host_module which should be enabled by
default.

Craig

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux