Apache authentication question, how to disable in a sub-directory
Chris G
cl at isbd.net
Thu Mar 13 14:20:55 UTC 2008
On Thu, Mar 13, 2008 at 05:59:50AM -0700, Craig White wrote:
> On Thu, 2008-03-13 at 12:25 +0000, Chris G wrote:
> > I am running Fedora 8 with Apache 2.2.
> >
> > I have a section of my web site which is password protected for
> > outside (i.e. non LAN) users, this uses the standard sequence as
> > follows:-
> >
> > AuthType Basic
> > AuthName "ISBD Home Server"
> > AuthUserFile /etc/httpd/conf/passwd
> > Require valid-user
> >
> > So far so good, it works as intended.
> >
> > However I want to further restrict access to a lower sub-directory such
> > that it isn't accessible to outside users at all. How can I do this?
> > Allow/Deny directives don't do what I want because they don't affect
> > the above password authentication. What I want is some directive that
> > explicitly *removes* password authenticated access from a directory.
> >
> >
> > If I add a "Satisfy All" directive to the sub-directory then the
> > effect is to prevent outside access (which is what I want) but in
> > adddition LAN users have to enter a valid name/password which I don't
> > want to have to do.
> >
> >
> > The best solution I have come up with so far is to add "Require
> > aNonexistentUser" to the sub-directory, it asks for a name/password
> > but no valid ones exist. However, as I said, I'd really like to say
> > "don't try password authentication here at all".
> ----
> This probably depends upon what the purpose of this non-accessible
> subdirectory is.
>
> If you don't want apache to access this directory at all, consider that
> httpd runs as user:group apache:apache and thus if you were to chmod
> o-x /path/to/this/subdirectory, httpd (apache) would not be able to read
> the contents, thus it would not be available to anyone via apache. Only
> root, owner and group members of the ownership of that directory would
> be able to enter the subdirectory (i.e., would require some login
> shell).
>
Ah, but I *do* want apache to be able to access the directory. It has
access because there are Allow/Deny directives that let local LAN
users access the directory. I just want to prevent remote users
getting access, even with a password.
--
Chris Green
More information about the fedora-list
mailing list