On 9/21/07, m.a.m.vanbeek@xxxxxxxxxxxxxxxxxx <m.a.m.vanbeek@xxxxxxxxxxxxxxxxxx> wrote: > Hi, > > When I use the mod_access directives to limit access to certain files or > commands, they just seem to be ignored. For example, to disable > downloading of .htaccess and .htpasswd files I use the (almost) standard > rules of: > > --- example --- > <Files ~ "^\.ht"> > Order allow,deny > Deny from all > Satisfy all > </Files> > --- /example --- > > As far as I know this should disallow anyone (including users logging in > through HTTP AUTH) to open the .ht* files. But if I try to download > them, they can be opened. > The same problem goes for any other access limiting based on IP. Start by reading this: http://httpd.apache.org/docs/2.2/sections.html#mergin It may be that you have other access-control directives in a <Location> section that are overriding your <Files> section. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|