Joshua, thank you so much for your help. I implemented your suggestion yesterday, and tested last night from home, and everything seemed to be working. The solution seems counterintuitive to me; I don't think that I would have thought of it on my own. Thanks, again.
-Kevin -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joshua Slive Sent: Thursday, March 27, 2008 2:23 PM To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] Complex authentication problem with LDAP and Apache 2.2.3 On Thu, Mar 27, 2008 at 2:14 PM, Zembower, Kevin <[EMAIL PROTECTED]> wrote: > However, in a separate section, I want to further restrict access to > just records in LDAP and exclude users who are originating from inside > our LAN but don't have records in the LDAP. > This too seems to be working correctly from inside our LAN. I can access > everything on the intranet site without authenticating, but if I want > anything in /staffonly/, I have to authenticate. When I do so, I can > access a document, such as /staffonly/test.html. > > However, when I try to go directly to > http://centernet.jhuccp.org/staffonly/test.html from a host outside of > our LAN, I get a 403 Forbidden error and this entry in the logs: > [Wed Mar 26 13:19:46 2008] [error] [client 98.218.13.184] client denied > by server configuration: /var/www/centernet/htdocs/staffonly/test.html > > When I try to access the pages outside of the /staffonly/ directory from > a host outside of our LAN, everything seems to work correctly after I > enter my credentials. Because the Deny entries from the parent directory are inherited in /staffonly/, when you change Satisfy to all, you completely deny access to anyone on the Deny list. To fix that, just add Allow from all to the /staffonly/ directory section. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
