Hi,

Just for the record, I worked around the problem using a rewrite
to a 404 page for the clients not allowed.

I'm still curious about the actual problem.
Anyone? Do I need to provide some more details?

Yours,
Steffen

On Tue, 2008-09-23 at 13:48 +0200, Steffen Neumann wrote:
> Hi,
>
> Securing a directory with Allow/Deny is supposedly
> something very simple, yet I have tried for quite a while now,
> and seek help on the list. This is the setup:
>
> I have an apache 2.2.8 on ubuntu 8.04.1 64bit,
> which is serving (and reverse proxying)
> a number of pages/applications.
>
> One of them is http://www/protected/, which is supposed
> to be accessible only from our site and a small number
> of collaborators. The <Directory> directives are below.
> Despite Deny from all / Allow 192.168 it will still deliver content
> happily to outsiders, as the log shows:
>
> 141.x.x.x - - [23/Sep/2008:13:28:34 +0200] "GET /protected/index.html HTTP/1.0" 200 7675 "-" "Wget/1.11"
>
> I thought from http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html
> that the Allow/Deny can only be overridden in .htaccess,
> and I can't find any reference what other directives in the
> other configuration files could interfere with these.
>
> The /usr/lib/apache2/modules/mod_authz_host.so
> is loaded on startup.
>
> Any ideas?
>
> Thanks in advance,
> Steffen
>
>
> <Directory "/path/to/protected">
>   Order deny,allow
>   Allow from 192.168
>   Deny from all
>   AllowOverride All
>   Options -Indexes
> </Directory>
> JkMount /protected/jsp/* tomcat_worker
>
> ScriptAlias /protected/cgi-bin/ "/path/to/protected/cgi-bin/"
> <Directory "/path/to/protected/cgi-bin">
>   Order deny,allow
>   Allow from 192.168
>   Deny from all
>   AddHandler cgi-script .cgi
>   Options +ExecCGI
> </Directory>
>
> In addition I have a file protected/.htaccess which does the rewriting
> for the pages which moved to tomcat, handled by the JkMount (see below)
>
> cat .htaccess
> RewriteEngine on
> RewriteRule ^Search.html$ jsp/Search.jsp
>
> Although I can't see how this would interfere with allow/deny,
> since the index.html is not covered by the rewriting.
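
The following is an added example, not part of the original message or of Apache's code: a simplified Python model of how mod_authz_host in Apache 2.2 evaluates Order/Allow/Deny, applied to the directives quoted above. The names `matches`, `authz_host` and `THREAD_RULES` are hypothetical, the client addresses are constructed, and only `all` and dotted IPv4 prefixes are modelled (no hostnames, CIDR, `env=` or `Satisfy`).

```python
def matches(spec, client_ip):
    """True if an Allow/Deny 'from' spec covers client_ip."""
    if spec.lower() == "all":
        return True
    want = spec.rstrip(".").split(".")
    have = client_ip.split(".")
    # A partial address such as 192.168 matches whole leading octets only,
    # so 192.16.8.1 is NOT covered by "192.168".
    return have[:len(want)] == want


def authz_host(order, allow, deny, client_ip):
    """Return True if the client passes the host-based check."""
    allowed = any(matches(s, client_ip) for s in allow)
    denied = any(matches(s, client_ip) for s in deny)
    order = order.replace(" ", "").lower()
    if order == "deny,allow":
        # Deny is evaluated first, Allow overrides it; default is allow.
        return allowed or not denied
    if order == "allow,deny":
        # Allow is evaluated first, Deny overrides it; default is deny.
        return allowed and not denied
    raise ValueError("unsupported Order: %r" % order)


# Directives from the <Directory "/path/to/protected"> block in the message.
# The sequence of Allow/Deny lines in the file is irrelevant; only Order counts.
THREAD_RULES = {"order": "deny,allow", "allow": ["192.168"], "deny": ["all"]}


def decide(client_ip, rules=THREAD_RULES):
    """Map the decision to the status code the access log would show."""
    return 200 if authz_host(client_ip=client_ip, **rules) else 403


if __name__ == "__main__":
    # Constructed client addresses: one internal, two external.
    for ip in ("192.168.1.10", "203.0.113.7", "192.16.8.1"):
        print(ip, decide(ip))
```

Under this model the quoted block refuses any client outside 192.168, which matches the poster's expectation that outsiders should be denied.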