On 2/28/06 10:08 AM, "Joshua Slive" <joshua@xxxxxxxx> wrote: > On 2/28/06, Sean Davis <sdavis2@xxxxxxxxxxxx> wrote: >> >> >> >> On 2/28/06 9:23 AM, "Nick Kew" <nick@xxxxxxxxxxxx> wrote: >> >>> On Tuesday 28 February 2006 13:55, Sean Davis wrote: >>> >>>> 128.231.145.14 - sean [28/Feb/2006:08:46:34 -0500] "PUT >>>> /webDAV/public/Abstract.doc HTTP/1.1" 204 - >>> >>> See that "sean" in there? Your client has authenticated itself. >>> Where's the problem? >> >> Sorry, Nick, for not explaining the problem clearly. The problem isn't the >> lack of authentication, but what I thought was too permissive authorization. >> Perhaps my understanding of LimitExcept is wrong, but I thought if I had a: >> >> <LimitExcept GET HEAD OPTIONS> >> Require user sean >> </LimitExcept> >> >> that I shouldn't be able PUT or DELETE. The log entries show that I was >> able to do that--hence the problem. I don't understand why I can PUT or >> DELETE with the LimitExcept directive in place. I simply want a webDAV >> directory that is read-only by the user sean. > > Yes, your understanding of <LimitExcept> is wrong. You want > <Limit GET OPTIONS> > require use sean > </Limit> > <LimitExcept GET OPTIONS> > Order allow,deny > Deny from all > </LimitExcept> Thanks for clarifying--that was it. Sean --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|