Re: How to handle nested authorization requirements?

Zembower, Kevin wrote:
> I'm having trouble with a 'nested' authorization requirement. Here's
> part of my httpd.conf file:
> cn2:/etc/apache# egrep -v '^[[:space:]]*#|^[[:space:]]*$' httpd.conf
> <snip>
> NameVirtualHost *
> <VirtualHost *>
>      ServerName centernet.jhuccp.org
>      DocumentRoot /var/www/centernet/htdocs
>      <Directory /var/www/centernet/htdocs>
> <snip>
>          AuthType Basic
>          AuthName "JHU/CCP"
>          AuthUserFile /var/www/centernet/users
>          require valid-user
>          satisfy any
>          order deny,allow
>          allow from 10.253.192.192/26 10.253.200.0/24 10.253.201.0/24 10.253.202.0/24
>          deny from all
>      </Directory>
> <snip>
>      <Directory /var/www/centernet/htdocs/staffonly>
>         AuthType Basic
>         AuthName "CCP Staff Only"
>         AuthUserFile /var/www/centernet/staffonlylist
>         require valid-user
>      </Directory>
> </VirtualHost>
> <snip>
> cn2:/etc/apache#
>
> In the first part of the centernet VirtualHost section, I restrict users
> to either be in specific IP address ranges, or enter the password in
> /var/www/centernet/users. I want to put an additional restriction on
> viewing the files in /var/www/centernet/htdocs/staffonly/. However, when
> I test this from inside the specified IP address ranges, it never asks
> me to authenticate to view the files in /staffonly/.
>
> How should I change my config file to put additional authorization
> requirements on the /staffonly/ directory?
>
> Thanks in advance for all your help and suggestions.
>   

presumably because your
satisfy any
clause means that the user who is attempting to go to the staffonly
directory has satisfied a previous requirement,
so you must override this inheritance with a
satisfy all
command, I guess.
> -Kevin
>
> Kevin Zembower
> Internet Services Group manager
> Center for Communication Programs
> Bloomberg School of Public Health
> Johns Hopkins University
> 111 Market Place, Suite 310
> Baltimore, Maryland  21202
> 410-659-6139 
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
>
>   

-- 
Matthew Farey
Web App Sec.
25 The Polygon, Southampton, Hants, SO15 2BP, UK
Phone +44(0)2380 631449
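
The override suggested in the reply above, written out as an added example (not part of either poster's message) using the directives and paths from the quoted httpd.conf. The commented-out `Order`/`Allow` lines are an assumption about what the poster may want for staff connecting from outside the listed ranges.

```apache
# Parent section as posted: passing the address check OR a valid login is enough.
<Directory /var/www/centernet/htdocs>
    AuthType Basic
    AuthName "JHU/CCP"
    AuthUserFile /var/www/centernet/users
    Require valid-user
    Satisfy any
    Order deny,allow
    Allow from 10.253.192.192/26 10.253.200.0/24 10.253.201.0/24 10.253.202.0/24
    Deny from all
</Directory>

# Subdirectory: "Satisfy any" is inherited from the parent unless overridden,
# so a client inside an allowed range is never challenged for a password.
<Directory /var/www/centernet/htdocs/staffonly>
    AuthType Basic
    AuthName "CCP Staff Only"
    AuthUserFile /var/www/centernet/staffonlylist
    Require valid-user
    # Require BOTH the host check and a valid login for this subtree.
    Satisfy all
    # No Order/Allow/Deny is set here, so the parent's address rules still
    # apply: clients outside the listed ranges are refused even with a
    # staff password.
    # Assumption: if staff must also be able to log in from other addresses,
    # open the host check for this subtree by uncommenting the two lines below.
    # Order allow,deny
    # Allow from all
</Directory>
```

After reloading the server, a request for /staffonly/ from inside one of the allowed ranges should return a 401 challenge instead of the page.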


