Re: <Location /> for a whole site BUT one directory

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

André Warnier schrieb:

André Warnier wrote:

Ralph Kutschera wrote:

Hallo list!
I've been searching the archive but it seems there isn't yet a solution to this: 

  I would like to have a whole site to be accessed only by user/passwd:

<Location />
  AuthXXX [..]
</Location>

  Only one directory should be accessible without authentication:
<Location /public>
  Order Allow,Deny
  Allow from All
</Location>
This does not work. I'm getting asked for user/passwd whenever I try to access http://domain.com/public 


On second thought..
The answer may be in the Apache doc.  It is well-hidden, but it's there.
See
:
http://httpd.apache.org/docs/2.2/mod/core.html#require
section : Removing controls in subdirectories
It looks like by just adding "Satisfy any" in the <Location /public> section , it may do the trick. 

Try it and tell, I am interested.
Unfortunately it doesn't work. It's again the <Location /> directive that comes up. With the test mentioned above: 

<Location />
  AuthName "Server"
  AuthXXX [..]

  Order Allow,Deny
  Allow From All

  Satisfy All
</Location>

<Location /public>
  AuthName "Public"
  AuthXXX [..]

  Order Allow,Deny
  Allow From All

  Satisfy any
</Location>
Here, I'm not getting asked for the "Public" realdm but again for the "Server" realm :(
By the way, I think that it would be safer to define this via <Directory> sections than via <Location>. For <Location />, it does not matter, because that's going to be the same as you document root no matter what. But, if your server were to be on a host whose file names are case-insensitive (like Windows), then a user requesting a URL like "/Public/x" would not fall under the conditions that apply to "/public/x" (and nevertheless get the document). 

My server will always be case-sensitive. So I don't care :-)
My intention was to protect a virtual host from URL-attacks as there are some applications written by myself and I'm no professional. There are some few users who will get access as I can trust them. 
And then there should be a /public directory that can be accessed by anyone.


greetings,
  Ralph


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux