Date: Thu, 28 Jan 1999 19:06:27 +0000 (GMT) From: scot@poptart.org To: freebsd-isp@FreeBSD.ORG Subject: Apache config Message-ID: <Pine.SOL.4.05.9901281856510.27568-100000@kirk.london.virgin.net>
next in thread | raw e-mail | index | archive | help
Hi.
I know this is more of an Apache issue, but someone might know...
I want to allow access to a web server without authentication, from our
LAN, but require a username/password if accessed from else where.
I've done this using two location sections:
Alias /trusted "/www/htdocs"
Alias /open "/www/htdocs"
<Location /open/>
AuthDBMGroupFile /www/auth/users
AuthDBMUserFile /www/auth/users
AuthName "Web server"
AuthType basic
require valid-user
</Location>
<Location /trusted/>
Order allow,deny
allow from [some IP range...]
</Location>
This works fine most of the time. The problem comes with access to files
protected by <Files> sections. If I protect .htaccess files, then they
cannot be read using either URL. But when I try something like:
<Files *.inc>
Order allow,deny
Deny from all
</Files>
... then I can read .inc files using /trusted/... as the base URL, but not
with /open/... as the base. [obviously, I don't want to be able to access
.inc files from anywhere...]
Has anyone else seen this behaviour.. or have I missed something obvious?
Server is Apache/1.3.4.
Thanks.
Scot Elliott
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SOL.4.05.9901281856510.27568-100000>