Apache 2.4 | "require" and AuthMerging

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Dear Apache community,

we just wonder why when using the following configuration:

# allow using the "/" directory of this virtual host by all
<Location />
    Require all granted
</Location>

Alias /fslogs /opt/wcms/fs4/log
<Directory /opt/wcms/fs4/log>
    IndexIgnore .. fs4.pid fs-wrapper.log fs-gc.log
    IndexOptions +FancyIndexing
    Options +Indexes

    AuthType Basic
    AuthName "Restricted access"
    AuthBasicProvider file
    AuthUserFile /tmp/passwd
    Require valid-user
</Directory>

the default handling of overwriting access directives in sub contexts does not work properly (AuthMerging off). Might it be due to the two directives "Location" and "Directory"? We expected that for "/opt/wcms/fs4/log" just authenticated and valid users should have access. So, access should be limited. Instead we see that everybody can browse the directory.

Kind regards,
Holger King

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux