Re: Is it possible to use SSLRequire to give differentially access to a directory and asubdirectory?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: Re: Is it possible to use SSLRequire to give differentially access to a directory and asubdirectory?
From: "Serge Dubrouski" <sergeyfd@xxxxxxxxx>
Date: Tue, 20 Mar 2007 21:33:52 -0600
In-reply-to: <Pine.LNX.4.64.0703210306510.7134@xxxxxxxxx>
Reply-to: users@xxxxxxxxxxxxxxxx

I'm affraid you are mixing up 2 different things: control of user
access to the site and control type of access to your site.
SSLRequireSSL can't control what users can get access to the
particular directory but it can control that access to that directory
will be provided through SSL enabled connection only.

But you can simple control user acces using mod_auth_basic (or more
complex modules like LDAP or so)  and standard Require directives.

On 3/20/07, Seth Chaiklin <seth@xxxxxx> wrote:

Apache 2.2.4 with mod_ssl

Can someone please confirm that the following is impossible
using only certificates and SSLRequire.

/Directory:                      only user 1 has access
/Subdirectory to Directory:      only user 2 has access

The problem is that, one can either:

b. give access to /Directory to user 1 with a SSLRequire
expression that only user 1 can satisfy, but then user 2 cannot
get access to /subdirectory, because the SSLRequire expression
for /Directory gets passed down.

or

b. give access to /Directory for both users 1 and 2 with a
SSLRequire expression, while a more restrictive expression can
prevents access to /subdirectory for user 1.

Neither of these alternatives is desirable. The idea is for each
user to have access to only the directory or the subdirectory,
but not both.

The manual mentions that SSLRequire "is a very powerful directive
because the requirement specification is an arbitrarily complex
boolean expression containing any number of access checks," but I
don't think it can handle this kind of differential, individual
per-directory access -- but maybe my understanding of boolean
logic is too limited.

Thanks for any insight.

Sincerely,
  Seth Chaiklin




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

References:
- Is it possible to use SSLRequire to give differentially access to a directory and asubdirectory?
  - From: Seth Chaiklin

Prev by Date: Re[2]: Xampp Apache on win 2003. Problem with setting up a Virtual Host
Next by Date: Segmentation fault on an Intel based Mac
Previous by thread: Is it possible to use SSLRequire to give differentially access to a directory and asubdirectory?
Next by thread: Re: Is it possible to use SSLRequire to give differentially access to a directory and asubdirectory?
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]