Hi,

Securing a directory with Allow/Deny is supposedly 
something very simple, yet I have tried for quite a while now,
and seek help on the list. This is the setup:

I have an apache 2.2.8 on ubuntu 8.04.1 64bit, 
which is serving (and reverse proxying)
a number of pages/applications.

One of them is http://www/protected/, which is supposed 
to be accessible only from our site and a small number 
of collaborators. The <Directory> directives are below.
Despite Deny from all / Allow 192.168 it will still deliver content 
happily to outsiders, as the log shows:

141.x.x.x - - [23/Sep/2008:13:28:34 +0200] "GET /protected/index.html HTTP/1.0" 200 7675 "-" "Wget/1.11"

I thought from http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html
that the Allow/Deny can only be overridden in .htaccess, 
and I can't find any reference what other directives in the 
other configuration files could interfere with these.

The /usr/lib/apache2/modules/mod_authz_host.so
is loaded on startup.

Any ideas?

Thanks in advance, 
Steffen


<Directory "/path/to/protected">
        Order deny,allow
        Allow from 192.168
        Deny from all
        AllowOverride All
        Options -Indexes
</Directory>
JkMount /protected/jsp/* tomcat_worker

ScriptAlias /protected/cgi-bin/ "/path/to/protected/cgi-bin/"
<Directory "/path/to/protected/cgi-bin">
        Order deny,allow
        Allow from 192.168
        Deny from all
        AddHandler cgi-script .cgi
        Options +ExecCGI
</Directory>

In addition I have a file protected/.htaccess which does the rewriting 
for the pages which moved to tomcat, handled by the JkMount (see below) 

cat .htaccess
RewriteEngine on
RewriteRule ^Search.html$ jsp/Search.jsp

Although I can't see how this would interfere with allow/deny,
since the index.html is not covered by the rewriting.



-- 
IPB Halle                    AG Massenspektrometrie & Bioinformatik
Dr. Steffen Neumann          http://www.IPB-Halle.DE
Weinberg 3                   http://msbi.bic-gh.de
06120 Halle                  Tel. +49 (0) 345 5582 - 1470
                                  +49 (0) 345 5582 - 0
sneumann(at)IPB-Halle.DE     Fax. +49 (0) 345 5582 - 1409
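
The Order/Allow/Deny evaluation that the mod_authz_host 2.2 documentation describes, as an added Python example that is not part of the original post: it models the three directives from the `<Directory "/path/to/protected">` block and shows what they decide, evaluated on their own, for inside and outside clients. The client addresses are constructed and the function names are hypothetical; hostname and `env=` forms are not modelled.

```python
import ipaddress


def host_matches(spec, client_ip):
    """True if an Allow/Deny 'from' value covers client_ip (IPv4 only).

    Handles 'all', a full address, a partial address such as '192.168'
    (leading octets), and CIDR such as '10.1.0.0/16'.
    """
    if spec.lower() == "all":
        return True
    if "/" in spec:
        net = ipaddress.ip_network(spec, strict=False)
        return ipaddress.ip_address(client_ip) in net
    want = spec.rstrip(".").split(".")
    # Compare whole octets, so '192.168' does not match 192.16.8.1.
    return client_ip.split(".")[:len(want)] == want


def access_allowed(order, allow, deny, client_ip):
    """Apply the Apache 2.2 Order rules to lists of Allow/Deny values."""
    hit_allow = any(host_matches(s, client_ip) for s in allow)
    hit_deny = any(host_matches(s, client_ip) for s in deny)
    order = order.lower()
    if order == "deny,allow":
        # Deny is evaluated first, Allow second; Allow wins when both
        # match, and a client matching neither is allowed by default.
        return hit_allow or not hit_deny
    if order == "allow,deny":
        # Allow first, Deny second; Deny wins when both match, and a
        # client matching neither is denied by default.
        return hit_allow and not hit_deny
    raise ValueError("unsupported Order: %r" % order)


# Directives from the <Directory "/path/to/protected"> block in the post.
ORDER, ALLOW, DENY = "deny,allow", ["192.168"], ["all"]

if __name__ == "__main__":
    # Constructed client addresses (the post masks the real outside one).
    for ip in ("192.168.4.20", "203.0.113.7", "192.16.8.1"):
        verdict = "allow" if access_allowed(ORDER, ALLOW, DENY, ip) else "deny"
        print("%-15s %s" % (ip, verdict))
```
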


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.