On 2/28/06, Sean Davis <sdavis2@xxxxxxxxxxxx> wrote: > > > > On 2/28/06 9:23 AM, "Nick Kew" <nick@xxxxxxxxxxxx> wrote: > > > On Tuesday 28 February 2006 13:55, Sean Davis wrote: > > > >> 128.231.145.14 - sean [28/Feb/2006:08:46:34 -0500] "PUT > >> /webDAV/public/Abstract.doc HTTP/1.1" 204 - > > > > See that "sean" in there? Your client has authenticated itself. > > Where's the problem? > > Sorry, Nick, for not explaining the problem clearly. The problem isn't the > lack of authentication, but what I thought was too permissive authorization. > Perhaps my understanding of LimitExcept is wrong, but I thought if I had a: > > <LimitExcept GET HEAD OPTIONS> > Require user sean > </LimitExcept> > > that I shouldn't be able PUT or DELETE. The log entries show that I was > able to do that--hence the problem. I don't understand why I can PUT or > DELETE with the LimitExcept directive in place. I simply want a webDAV > directory that is read-only by the user sean. Yes, your understanding of <LimitExcept> is wrong. You want <Limit GET OPTIONS> require use sean </Limit> <LimitExcept GET OPTIONS> Order allow,deny Deny from all </LimitExcept> Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|