Hi,
I trying to understand how the "Require" directive works in non-trivial
cases. This is one example:
<VirtualHost *:80>
ServerName 127.0.0.1
DocumentRoot "/var/www/html/site"
<Location "/area/admin/">
Authtype Basic
Authname "site"
AuthUserFile /etc/httpd/conf/htpasswd
Require valid-user
</Location>
<Files "README.*">
Require all denied
</Files>
</VirtualHost>
When I access http://localhost/area/admin/README.txt without a password
httpd will respond with a 401 as expected but when I supply the correct
credentials not only do I get access to the admin location (expected)
but also to the README.txt file (unexpected).
Why is the "Require all denied" ignored in this case? When I comment out
the location block then I will get the correct 403 Forbidden response so
it seems the "Require valid-user" seems to basically erase the
restrictions defined elsewhere.
How would I specify this correctly so that a password grants me access
to the admin area but the limitation on the README files stays intact?
Regards,
Dennis
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|