Re: [users@httpd] Can't restrict file access
Maybe you have a Location covering the same space with other access control? If you overlap directory/files with location, bad things happen.

On Fri, Apr 4, 2014 at 8:38 AM, D'Arcy J.M. Cain da...@vex.net wrote:
> I just noticed that files that should be blocked can easily be seen on
> my server. I have the following code in my httpd.conf yet anyone can
> view my svn repository or read my .htaccess files. I think that the
> first one was actually part of the sample config from Apache. Can
> anyone see a problem? I checked the web and found other ways to
> protect those files but none of them work either.
>
> <Files ~ ^\.ht>
>     Order allow,deny
>     Deny from all
>     Satisfy All
> </Files>
>
> <Files ~ ^\.svn>
>     Order allow,deny
>     Deny from all
>     Satisfy All
> </Files>
>
> --
> D'Arcy J.M. Cain
> System Administrator, Vex.Net
> http://www.Vex.Net/ IM:da...@vex.net
> VoIP: sip:da...@vex.net

--
Eric Covener
cove...@gmail.com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Can't restrict file access
On Fri, 4 Apr 2014 08:44:02 -0400 Eric Covener cove...@gmail.com wrote:
> Maybe you have a Location covering the same space with other access
> control? If you overlap directory/files with location, bad things
> happen.

Someone pointed out that the config directives changed in 2.4. This is what I have now.

    <Files ~ ^\.ht>
        Require all denied
        Satisfy All
    </Files>

This works. I suppose a Location directive would override this but I don't have one that relaxes this restriction.

I tried the same for my .svn directories but that doesn't work. Obviously Files works on files and not directories. So I tried the following.

    <Directory ~ ^\.svn>
        Require all denied
    </Directory>

This doesn't work. I believe that this is because I have other Directory directives that override it. Would the above work if I changed Directory to a Location directive? My impression from reading the docs is that Location is always rooted to the top level. Will it DTRT if I leave off the leading slash?

--
D'Arcy J.M. Cain
System Administrator, Vex.Net
http://www.Vex.Net/ IM:da...@vex.net
VoIP: sip:da...@vex.net
Re: [users@httpd] Can't restrict file access
On Fri, 4 Apr 2014 10:09:48 -0400 D'Arcy J.M. Cain da...@vex.net wrote:
> <Directory ~ ^\.svn>
>     Require all denied
> </Directory>
>
> This doesn't work. I believe that this is because I have other
> Directory directives that override it. Would the above work if I
> changed Directory to a Location directive? My impression from reading
> the docs is that Location is always rooted to the top level. Will it
> DTRT if I leave off the leading slash?

Pardon me for answering my own question but perhaps it will help the next person doing a search with this issue. Here is what worked for me:

    RedirectMatch 404 /\.svn(/|$)

--
D'Arcy J.M. Cain
System Administrator, Vex.Net
http://www.Vex.Net/ IM:da...@vex.net
VoIP: sip:da...@vex.net
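
Added example, not part of the thread: a simplified Python model of what each pattern quoted above is matched against (the file's base name for Files, the absolute filesystem path for Directory, the URL path for RedirectMatch), run over constructed request paths. The DocumentRoot /var/www/html and the function name evaluate are assumptions for illustration.

```python
import posixpath
import re

# Patterns exactly as quoted in the thread.
FILES_HT = re.compile(r"^\.ht")            # <Files ~ ^\.ht>
DIRECTORY_SVN = re.compile(r"^\.svn")      # <Directory ~ ^\.svn>
REDIRECT_SVN = re.compile(r"/\.svn(/|$)")  # RedirectMatch 404 /\.svn(/|$)

DOCROOT = "/var/www/html"  # assumed DocumentRoot, not taken from the thread


def evaluate(url_path):
    """Report which of the three patterns would match a request for url_path."""
    fs_path = posixpath.normpath(DOCROOT + url_path)
    return {
        # Files is compared with the last path component only.
        "files_ht": bool(FILES_HT.search(posixpath.basename(fs_path))),
        # Directory is compared with the absolute filesystem path, which
        # starts with "/", so a pattern anchored as ^\.svn cannot match it.
        "directory_svn": bool(DIRECTORY_SVN.search(fs_path)),
        # RedirectMatch is compared with the URL path of the request.
        "redirect_svn": bool(REDIRECT_SVN.search(url_path)),
    }


# Constructed sample requests, not taken from the thread.
SAMPLES = [
    "/.htaccess",
    "/app/.htpasswd",
    "/.svn/entries",
    "/app/.svn",
    "/app/.svn/wc.db",
    "/docs/.svnignore",
    "/index.html",
]

if __name__ == "__main__":
    for path in SAMPLES:
        hits = [name for name, hit in evaluate(path).items() if hit]
        print(f"{path:20} {', '.join(hits) or '-'}")
```

The (/|$) tail of the RedirectMatch pattern is what keeps a name such as .svnignore from being caught while still covering both the .svn directory itself and everything beneath it.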