Hi,
When I use the mod_access directives to limit access to certain files or
commands, they just seem to be ignored. For example, to disable
downloading of .htaccess and .htpasswd files I use the (almost) standard
rules of:
--- example ---
<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy all
</Files>
--- /example ---
As far as I know this should disallow anyone (including users logging in
through HTTP AUTH) to open the .ht* files. But if I try to download
them, they can be opened.
The same problem goes for any other access limiting based on IP.
--- server info (first part of mod_info) ---
Apache Server Information
Server Settings, mod_dav_fs.c, mod_dav.c, mod_suexec.c,
mod_rewrite.c,
mod_python.c, mod_perl.c, mod_php5.c, mod_ssl.c, mod_info.c,
mod_userdir.c, mod_status.c, mod_setenvif.c,
mod_negotiation.c,
mod_mime.c, mod_log_config.c, mod_include.c, mod_expires.c,
mod_env.c, mod_dir.c, mod_cgi.c, mod_autoindex.c,
mod_auth_dbm.c, mod_auth.c, mod_alias.c, mod_actions.c,
mod_access.c, mod_so.c, http_core.c, prefork.c, core.c
Server Version: Apache/2.0.53 (Linux/SUSE)
Server Built: Aug 30 2006 13:14:23
API Version: 20020903:9
--- /server info (first part of mod_info) ---
I'm running Suse 9.3 and don't want to change OS or upgrade to a newer
version (of the OS as well as Apache), so I hope someone can find a
solution without having to do this.
Thanks in advance,
Mark
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|