On Thu, Mar 27, 2008 at 2:14 PM, Zembower, Kevin <kzembowe@xxxxxxxxxx> wrote: > However, in a separate section, I want to further restrict access to > just records in LDAP and exclude users who are originating from inside > our LAN but don't have records in the LDAP. > This too seems to be working correctly from inside our LAN. I can access > everything on the intranet site without authenticating, but if I want > anything in /staffonly/, I have to authenticate. When I do so, I can > access a document, such as /staffonly/test.html. > > However, when I try to go directly to > http://centernet.jhuccp.org/staffonly/test.html from a host outside of > our LAN, I get a 403 Forbidden error and this entry in the logs: > [Wed Mar 26 13:19:46 2008] [error] [client 98.218.13.184] client denied > by server configuration: /var/www/centernet/htdocs/staffonly/test.html > > When I try to access the pages outside of the /staffonly/ directory from > a host outside of our LAN, everything seems to work correctly after I > enter my credentials. Because the Deny entries from the parent directory are inherited in /staffonly/, when you change Satisfy to all, you completely deny access to anyone on the Deny list. To fix that, just add Allow from all to the /staffonly/ directory section. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|