On 8/7/06, Marc MENDEZ <cnmm600@xxxxxxxx> wrote:
Hi, The root of our extranet site is protected by a .htaccess file. If the user is inside our network, no identification is required. Otherwise, he must identified. Here is the file : AuthUserFile path_to_password_file AuthGroupFile /dev/null AuthName ":: INFORMATIONS CONFIDENTIELLES ::" AuthType Basic <limit GET POST> order deny,allow deny from all allow from our_network require valid-user satisfy any </Limit> It works However, a subdirectory must be restricted differently : if the user is outside our network, no access ! Here is the second .htaccess Allow from our_network Deny from all This second .htaccess worked 'till I modify the first one to prevent users from identifying if they are in our network. I suppose that as the first .htaccess grants access to the whole website, the second one is not used..... How can I urge Apache to use the second one ?
1. Remove the lines <Limit GET POST> and </Limit> which are not needed and are a possible security risk. (Read the docs on <Limit> for more info.) 2. Put "Satisfy all" in the .htaccess in the subdirectory. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|