Ari Halberstadt wrote:
> "Craig R. McClanahan" <[EMAIL PROTECTED]> wrote:
> >..
> >You can use <LOCATION> directives in the httpd.conf file to protect access to
> >servlets based on their URI, instead of their actual directory.
>
> Any ideas why this didn't work for me? I've tried something as simple as:
>
> <VirtualHost 192.168.1.1>
> ...
> <Location /servlets/Simple>
> order deny,allow
> deny from all
> </Location>
> ...
> </VirtualHost>
>
> but it still lets me access /servlets/Simple.
>
> What trick am I missing this time?
>
Well, I'm definitely no guru on Apache configuration directives ... but I've been
told that <LOCATION> have been successfully used with servlets this way.
In your particular example, is there some global setting for "allow from xxxx"
that might be overriding this?
Of course, for user authentication, you would also need to include directives for
the MOD_AUTH type module you want to use, such as "require valid-user" or
whatever. The "allow" and "deny" directives don't do this.
Interestingly, the Apache server documentation says that all these directives are
valid in ".htaccess" and "directory" contexts, but they are silent about
"location" and "virtual host". I wonder if the docs are out of date, or if they
really don't work when nested like this ???
Craig
-- --------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
READ THE FAQ!!!! <http://java.apache.org/faq/>
Archives and Other: <http://java.apache.org/main/mail.html/>
Problems?: [EMAIL PROTECTED]
