Anyone has any idea about this? am I doing something wrong? any contribution will be welcome Thank you all very much! J.M. Castroagudin escribió:
Hmmm... I thought that "deny,allow", as I had, was the right order. I mean, "first of all, nobody can get in. Then, if someone`s IP match 'intranet', let him in"....Anyway, I tried changing it, and it behaves the same: no SSL, works right. With SSL, everybody can get in...Perhaps there is any limitation involving SSL and IP filtering (i dont know, something like the issue SSL-Vhosts, or so...)?Any idea? Thanks! Phillip Hamilton escribió:I'm no ENV pro, but have you tried "Order Allow, Deny"? "deny,Allow" The deny directives are evaluated before the Allow directives. Access isallowed by default. Any client which does not match a deny directive or doesmatch an Allow directive will be allowed access to the server." :) -----Original Message-----From: J.M. Castroagudin [mailto:jose.castroagudin@xxxxxxxxx] Sent: Thursday, September 13, 2007 8:47 AMTo: users@xxxxxxxxxxxxxxxx Subject: Allow/Deny directive and https Hi everybody,I have been trying to limit access to certain 'directories' (inside a https vhost) based on IP directives. Something like this:SetEnvIf remote_addr W.X.Y.Z intranet SetEnvIf Client-ip W.X.Y.Z intranet <VirtualHost *:443> DocumentRoot "/disc/html/https" ServerName secure.foo.com .... <Directory /disc/html/https/intranet> Order Deny,Allow Deny from All Allow from env=intranet </Directory> .... </VirtualHost> There is only a https virtual host in this server.But it seems not to work as expected. Accesing via 'http://secure.foo.com', Deny and Allow directives work right (it is defined before in conf file). Although, entering via 'https://secure.foo.com', everybody has acces to this directory...Is there a way to do this? I am beginning thinking it can not be possible... it is?Thanks in advance, J.M.Castroagudín Silva ---------------------------------------------------------------------The official User-To-User support forum of the Apache HTTP Server Project.See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx ---------------------------------------------------------------------The official User-To-User support forum of the Apache HTTP Server Project.See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx---------------------------------------------------------------------The official User-To-User support forum of the Apache HTTP Server Project.See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|