Thank you very much, Joshua (and thank you all)
I have tried:
(code)
<VirtualHost *:443>
DocumentRoot "/disc/html/https"
ServerName secure.foo.com
....
<Directory /disc/html/https/intranet>
Order Deny,Allow
Deny from All
# Allow from env=intranet
</Directory>
....
</VirtualHost>
(/code)
And it does not work. I still can connect to /intranet...
I also tried:
(code)
<VirtualHost *:443>
DocumentRoot "/disc/html/https"
ServerName secure.foo.com
....
<Location /intranet/>
Order Deny,Allow
Deny from All
# Allow from env=intranet
</Location>
...
</VirtualHost>
(/code)
... It just dont work..
Now i must review the entire configuration (it is a kinda complicated
configuration, lots of sites and files), looking for something that
could be overriding this directive. I will let you know if i find out
something...
Thank you all again. And if anyone else have any idea, i will be grateful.
Joshua Slive escribió:
On 9/13/07, J.M. Castroagudin <[EMAIL PROTECTED]> wrote:
Hi everybody,
I have been trying to limit access to certain 'directories' (inside a
https vhost) based on IP directives. Something like this:
SetEnvIf remote_addr W.X.Y.Z intranet
SetEnvIf Client-ip W.X.Y.Z intranet
<VirtualHost *:443>
DocumentRoot "/disc/html/https"
ServerName secure.foo.com
....
<Directory /disc/html/https/intranet>
Order Deny,Allow
Deny from All
Allow from env=intranet
</Directory>
....
</VirtualHost>
There is only a https virtual host in this server.
But it seems not to work as expected. Accesing via
'http://secure.foo.com', Deny and Allow directives work right (it is
defined before in conf file). Although, entering via
'https://secure.foo.com', everybody has acces to this directory...
Start by replacing your mod_setenvif-based config with a simple "Deny
from all" and make sure that works. If it doesn't work, you likely
have something else in the config file overriding it. For example,
directives in <Location> sections will override <Directory> sections.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]