On Mon, Sep 29, 2008 at 5:20 PM, André Warnier <aw@xxxxxxxxxx> wrote: > Eric Covener wrote: >>>> >>>> <Directory "/path/to/protected"> >>>> Order deny,allow >>>> Allow from 192.168 >>>> Deny from all >>>> AllowOverride All >>>> Options -Indexes >>>> </Directory> >> >>>> JkMount /protected/jsp/* tomcat_worker >> >>>> 141.x.x.x - - [23/Sep/2008:13:28:34 +0200] "GET /protected/index.html >>>> HTTP/1.0" 200 7675 "-" "Wget/1.11" >> >> You need to use <Location>, not <Directory>. >> >> This content isn't served out of /path/to/protected, so the >> configuration for that directory isn't applicable. >> > Hi Eric. > What makes you say that the content for "GET /protected/index.html" is not > served out of /path/to/protected ? > (I'm not saying you're wrong, it's just that I don't see that from the > available information. Did I miss something ?) You're right, I misread the argument JKMount. Since the rewrite occurs in .htaccess, access control should be running twice -- before the rewriting where those rules would apply and after where they'd no longer apply (for external users, they'd hit the 403 the first time). If the rules were in vhost context, only the second check would apply and external users would be allowed in (because a proxied request doesn't match any Directory container) The report still seems to be "off" by one detail. -- Eric Covener covener@xxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|