|
I’m using Apache 2.0.46 and I want
to password protect all of the subdirectories below cgi-bin. This is easy,
with: <DirectoryMatch /var/www/cgi-bin/.*/> Require valid-user </DirectoryMatch> This works fine, you need a userid, any
userid, to get into the subdirectories. Now, I’d like to be more selective
about who gets into the /admin subdirectory, so I add: <Directory /var/www/cgi-bin/admin> Require user Swifty </Directory> This second step had no effect. I
could still fetch pages from /var/www/cgi-bin/admin with any valid user. The only way that I found to get this working
was to change the original DirectoryMatch to somehow exclude the /admin
directory: <DirectoryMatch /var/www/cgi-bin/[^a].*/> This works, and “Swifty” is
the only user who can get into /cgi-bin/admin/ but now all of the other subdirectories
starting with “a” are not protected at all. I can work around this by getting cleverer
with the pattern in the <DirectoryMatch> but I’d rather not. Can someone explain to me why my original
<Directory> statement had no effect, please? Better still, can anyone propose an elegant
solution to this? I’m reasonably sure that I had this
setup working at one point, with just the first two statements above as they
stand, but it may be that I never verified the restriction on the
/cgi-bin/admin directory. Steve Swift |
|