Assume there is the .htaccess file show at the bottom of this posting. At first every read and write access is denied and no permissions are given because no "allow" statement is entered. Fine. But now I want to allow some users to access these directories but only with authentication (login+password). For these users I setup the three lines AuthName, AuthUserFile and AuthGroupFile. Notice that I mix a "deny" access instruction not with its counterpart "allow" but with completely different "Auth..." statements plus OUTSIDE the "Limit" scope ! Are these Auth statements recognized at all or does the missing "allow" statement above prevent any further permissions ? In other words: Do the Auth statements have a higher priority than the non-existence of an allow statement ? If Auth statements are not considered: Does it change anything if I put these Auth statements BEFORE the "deny" command (on top of the .htaccess file) ? .htaccess file: --- <Limit GET POST> order deny,allow deny from all </Limit> <Limit PUT DELETE> order deny,allow deny from all </Limit> AuthName Authenticated users AuthUserFile /home/myhtaccess/service.pwd AuthGroupFile /home/myhtaccess/service.grp --- Send instant messages to your online friends http://uk.messenger.yahoo.com --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|