Re: Apache 2.4 access control question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Why use. htaceess at all? And why not just:

<Directory /path>
Require ip 192.168 172.16
</Directory>



El 19 jul. 2017 1:02 a. m., "Jason Brooks" <jason.brooks@xxxxxxxx> escribió:
Hello,

This is on a ubuntu 16.04 LTS system running apache 2.4.18 (mpm_event) with php 7.0 running in php-fpm mode.

I wish to completely block access to a directory in my document root except to a set of ip addresses but it’s not working and I am trying to figure out what is happening.  

My .htaccess settings only seem to apply when only accessing the directory, but not when I access a file IN that directory.

Is there a setting that allows access to files if explicitly referenced to in the url?

Here are my tests:
Directory name: <documentroot>/opcache
.htaccess contents: “require all denied”

access to https://<myserver>/opcache is forbidden (OK!)

access to https”//<myserver>/opcache/test.php is allowed. (What?)

The same thing happens if I don’t use a .htaccess file but instead define a <Directory> section in my apache config.

Why would this happen?

—jason

Jason BrooksSystems Administrator
eROIPerformance is Art.
 
m:505 nw couch #300w:eroi.com
t:503.290.3105f:503.228.4249


fb:fb.com/eROI









[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux