SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    SitePoint Zealot atetlaw's Avatar
    Join Date
    Feb 2007
    Location
    Melbourne, Australia
    Posts
    171
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Need help with a tricky combination of Allow and Require

    I have a directory I need to protect using authentication, but also be able to specify a couple of exceptions using Allow.

    I want to allow access from a specific IP, and also allow public access to a specific file. With the config below the allow from the IP address works fine, but the access to the specific file doesn't work.

    Am I doing something bone headed?

    Here's what I have:
    Code:
    <VirtualHost *:80>
            DocumentRoot "/var/www/html/"
            ServerName example.com
    
            <Directory />
                    AuthType Kerberos
                    AuthName "Login"
                    ...
    
                    Satisfy any
    
                    Require valid-user
    
                    Order Allow,Deny
    
    		#Allow anon access from one IP
                    Allow from 10.0.0.1
    
                     # Allow access to one file name for everyone
                    <Files public-file.html>
                            Allow from all
                    </Files>
            </Directory>
    </VirtualHost>

  2. #2
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,671
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    Hi Andrew!

    What you're attempting can't be done (IMHO) as your objectives appear to be mutually exclusive: Either the directory is protected or it's not.

    Just a comment on the allow,deny: Typically, you use Deny,Allow (order) then Deny from ALL before punching holes in the Deny by Allow with your username/password and/or your LAN address.

    With that, I don't believe that you can "punch a hole" in the directory protection for a single file (and/or supporting files). I believe that you really need to move that file to a different directory (i.e., VirtualHost).

    "Bone headed?" Naw, just ambitious with your "wish list."

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  3. #3
    SitePoint Zealot atetlaw's Avatar
    Join Date
    Feb 2007
    Location
    Melbourne, Australia
    Posts
    171
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks David!

    changing the order to Deny,Allow (and adding Deny from all) made it work.

    Is that what you were expecting? Reading from the Apache doco "Satisfy any" will cause Apache to accept a match from either the Require directive or the Alloy/Deny combo... That sound right to you?

  4. #4
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,671
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    Andy,

    That's sounds correct to me. What I was concerned about was trying to punch a hole in the allow,deny for a single file (with support files?). THAT is what I don't believe is possible.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •