[Cialug] apache sibling <Directory> rights

Barry Von Ahsen barry at vonahsen.com
Thu Nov 10 10:03:29 CST 2011


well, I got it to work by requiring a specific user for /sekrit - not 
super elegant, but effective


-barry


On 11/10/2011 8:14 AM, Barry Von Ahsen wrote:
> I've got the following <Directory> directives:
>
> <Directory /home/apache/>
> EnableMMAP off
> EnableSendfile off
> </Directory>
> <Directory /home/apache/sekrit/>
> Order deny,allow
> Deny from all
> Allow from (lan)
> </Directory>
> <Directory /home/apache/*>
> Order deny,allow
> deny from all
> Allow from (lan)
> AuthUserFile (file)
> AuthType basic
> AuthName "who is it"
> Require valid-user
> Satisfy any
> </Directory>
>
>
> so I want /home/apache/sekrit to be LAN only, and /home/apache/anything
> else to be basic authenticated, but I can only get it to do one or the
> other - either sekrit is 403 and anything else is allowed
> unauthenticated, or everything is available when authenticated,
> including sekrit
>
> I've tried to put <Directory /sekrit> both first and second, thinking it
> was processed in order, and also within the <VirtualHost>. I tried
> <Directory sekrit> then <DirectoryMatch /home/apache/[^sekrit]>. I tried
> the suggestions in apache.org/howto/auth and howto/access, and I tried
> <Directory /home/apache/*> then more restrictive <Files sekrit> and
> <Location sekrit> per
> http://httpd.apache.org/docs/2.2/sections.html#mergin and I've tried a
> deny from all .htaccess in sekrit, and all fail (interestingly, allow
> from all .htaccess served the pages even after a failed basic auth
> instead of sending 401)
>
>
> it seems like:
> <Directory /home/apache/*>
> require valid-user
> </Directory>
> <VirtualHost>
> <Directory /home/apache/secret>
> deny from all
> </Directory>
> </VirtualHost>
> should do it (and the docs seem to say so)
>
>
>
> the easy thing to do is move /sekrit somewhere outside /home/apache, but
> there's gotta be a way to do this
>
> -barry
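An added example, not part of the original messages: a simplified Python model of how Apache 2.2 merges overlapping `<Directory>` sections (same-depth sections in file order, the later directive wins, `*` does not cross `/`), run over a config constructed from the post. The `FIXED` variant and the user name `admin` are assumptions about how the named-user workaround was written.

```python
from fnmatch import fnmatchcase
# Constructed from the post; (lan) stays a placeholder, Auth* lines omitted.
POSTED = """
<Directory /home/apache/sekrit/>
Order deny,allow
Deny from all
Allow from (lan)
</Directory>
<Directory /home/apache/*>
Order deny,allow
Deny from all
Allow from (lan)
Require valid-user
Satisfy any
</Directory>
"""
# Assumed form of the fix: a named (hypothetical) user, placed last.
FIXED = POSTED + "<Directory /home/apache/sekrit/>\nRequire user admin\n</Directory>\n"

def parse(conf):
    """Return [(path_components, directives)] in file order."""
    sections, cur = [], None
    for line in (l.strip() for l in conf.splitlines()):
        if line.lower().startswith("<directory "):
            cur = {}
            sections.append(([p for p in line[11:-1].split("/") if p], cur))
        elif line.lower() == "</directory>":
            cur = None
        elif line and cur is not None:
            name, _, value = line.partition(" ")
            cur[name.lower()] = value.strip().lower()
    return sections

def effective(conf, directory):
    """Merge applicable sections: shortest path first, ties in file order."""
    target, merged = [p for p in directory.split("/") if p], {}
    for comps, directives in sorted(parse(conf), key=lambda s: len(s[0])):
        if len(comps) <= len(target) and all(
                fnmatchcase(t, c) for c, t in zip(comps, target)):
            merged.update(directives)  # later section wins per directive
    return merged

def allowed(conf, directory, on_lan, user=None):
    """Simplified decision: host check, user check, combined by Satisfy."""
    eff = effective(conf, directory)
    host_ok = on_lan or eff.get("deny") != "from all"
    req = eff.get("require")
    if req is None:
        return host_ok
    user_ok = user is not None and (req == "valid-user" or user in req.split()[1:])
    return (host_ok or user_ok) if eff.get("satisfy") == "any" else (host_ok and user_ok)
```

In this model the wildcard block's `Require valid-user` and `Satisfy any` carry into `/sekrit`, so an authenticated off-LAN client gets in; overriding `Require` there narrows that path to one account.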