On 9/13/07, J.M. Castroagudin <jose.castroagudin@xxxxxxxxx> wrote: > Hi everybody, > > I have been trying to limit access to certain 'directories' (inside a > https vhost) based on IP directives. Something like this: > > > SetEnvIf remote_addr W.X.Y.Z intranet > SetEnvIf Client-ip W.X.Y.Z intranet > > > <VirtualHost *:443> > DocumentRoot "/disc/html/https" > ServerName secure.foo.com > > .... > > <Directory /disc/html/https/intranet> > Order Deny,Allow > Deny from All > Allow from env=intranet > </Directory> > > .... > > </VirtualHost> > > > There is only a https virtual host in this server. > > But it seems not to work as expected. Accesing via > 'http://secure.foo.com', Deny and Allow directives work right (it is > defined before in conf file). Although, entering via > 'https://secure.foo.com', everybody has acces to this directory... Start by replacing your mod_setenvif-based config with a simple "Deny from all" and make sure that works. If it doesn't work, you likely have something else in the config file overriding it. For example, directives in <Location> sections will override <Directory> sections. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|