Hello,My goal is to allow any "Admin" user to access / of a virtual host, and any "Backup" user to access /backups of the same host. I have a user which is a member of the Admin group but not a member of the Backup group. If my configuration looks like this:
<Location />
AuthType Basic
AuthName "Restricted Admin area"
Require group Admin
AuthUserFile /etc/apache2/config/Passwd
AuthGroupFile /etc/apache2/config/Group
</Location>
<Location /backups>
AuthType Basic
AuthName "Restricted Backup area"
Require group Backup
AuthUserFile /etc/apache2/config/Passwd
AuthGroupFile /etc/apache2/config/Group
</Location>
everything works as expected. However if the order of the Location
statements is reversed (first /backups, then /) any member of Admin can
access the entire site. I guess that the / is treated as a wildcard, and
changes the previous Auth* settings of /backups.
My question is whether this is documented anywhere? I use a number of mod_macro statements all over my site and always believed that order of statements is not significant, only the nesting level. Now I am not sure how many more hidden problems I have in my configs.
Please point me to documentation in what circumstances the order of similar statements is significant, as my digging around the 2.2 manual proved fruitless.
Thank you Peter --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|