RE: [users@httpd] Options Indexes: how to force listing of directories with access control settings?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks Owen,

>> I guess you're using apache 2?
Actually, its 1.3...

>> This sounds a lot like what happens when you have files in the directory
which are subject to a Deny directive
I am using a Require rather than Deny... but its the same issue....

>> - you can see them but can't access them in apache 1.3 but you can't see
them at all in apache 2.
Hmm, I am running 1.3...

>> you can see them but can't access them
You describe it well - thats exactly the behaviour I want.
I want people to be able to see the protected files/dirs, but get prompted
for a password in order access them... (subject to authorisation...)

>> there is a discussion at:
http://marc.theaimsgroup.com/?l=apache-httpd-users&m=107632025906691&w=2
If I understood that thread correctly, its more about the actual filesystem
permissions (chmod), rather than Require/Deny directives in Apache....

-Nick

>> Nice try, but mod_autoindex works by try to access the file using the
configured ruleset so it'll still hit the block...
Yup...






Extranet
Owen.Boyle@xxxxxxx - 20/04/2005 16:20


Please respond to users@xxxxxxxxxxxxxxxx



To:    users

cc:


Subject:    RE: [users@httpd] Options Indexes: how to force listing of
       directories with access control settings?


> -----Original Message-----
> From: Craig Dunigan [mailto:cdunigan@xxxxxxxxxxxxx]
> Sent: Mittwoch, 20. April 2005 16:31
> To: users@xxxxxxxxxxxxxxxx
> Subject: Re: [users@httpd] Options Indexes: how to force listing of
> directories with access control settings?
>
>
> On Tue, 19 Apr 2005 nick.minutello@xxxxxxxxxxxxxxxxx wrote:
>
> >
> > I am using .htaccess to control access to a directory.
> > However, this hides the directory from the index listing of
> its parent dir
> > (if the user isnt logged in).
> >
> > Is there a trick to Options, IndexOptions or AuthXXX to list all
> > directories, regardless of their access control, when a
> user isnt logged
> > in?

I guess you're using apache 2? This sounds a lot like what happens when you
have files in the directory which are subject to a Deny directive - you can
see them but can't access them in apache 1.3 but you can't see them at all
in apache 2.

You can have a big-end/little-end debate about which is better, but there
is a discussion at:
http://marc.theaimsgroup.com/?l=apache-httpd-users&m=107632025906691&w=2

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.

> >
> >
> Bit of a guess, here, but why not try putting all of the Auth stuff in
> .htaccess inside a Files block, with a match of '*'?

Nice try, but mod_autoindex works by try to access the file using the
configured ruleset so it'll still hit the block...


>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen
Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of
a private and personal nature. It is not related to the exchange or
business activities of the SWX Group. Le présent e-mail est un message
privé et personnel, sans rapport avec l'activité boursière du Groupe SWX.


This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission. If
you receive this message in error, please notify the sender urgently and
then immediately delete the message and any copies of it from your system.
Please also immediately destroy any hardcopies of the message. You must
not, directly or indirectly, use, disclose, distribute, print, or copy any
part of this message if you are not the intended recipient. The sender's
company reserves the right to monitor all e-mail communications through
their networks. Any views expressed in this message are those of the
individual sender, except where the message states otherwise and the sender
is authorised to state them to be the views of the sender's company.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
 For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



This message and any attachments (the "message") is 
intended solely for the addressees and is confidential. 
If you receive this message in error, please delete it and 
immediately notify the sender. Any use not in accord with
its purpose, any dissemination or disclosure, either whole 
or partial, is prohibited except formal approval. The internet 
can not guarantee the integrity of this message. 
BNP PARIBAS (and its subsidiaries) shall (will) not 
therefore be liable for the message if modified. 

**********************************************************************************************

BNP Paribas Private Bank London Branch is authorised 
by CECEI & AMF and is regulated by the Financial Services
Authority for the conduct of its investment business in the
United Kingdom.

BNP Paribas Securities Services London Branch is authorised
by CECEI & AMF and is regulated by the Financial Services
Authority for the conduct of its investment business in the 
United Kingdom.
  
BNP Paribas Fund Services UK Limited is authorised and 
regulated by the Financial Services Authority.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux