On 18.08.10 11:23, Andrew Schulman wrote: > I have outer and inner directories that I want to protect with different > Require groups directives: > > <Directory /var/www/html> > Require group outer > </Directory > > <Directory /var/www/html/inner> > Require group inner > </Directory> > > My hope was that the inner Require directive would override the outer one, > allowing me to protect the inner directory with the more restrictive inner > group. Or equivalently, that the two Require group directives would be > ANDed together. > > Instead, it appears that the two directives are being ORed together, > resulting in a *less* restrictive policy for the inner directory - the > opposite of what I wanted. Anyone in either the outer *or* the inner is > allowed access to inner.
There is no AND and no OR here. In the /var/www/html/inner only the "Require group inner" applies. > Does this seem right? Does anyone know of a way to AND Require group > directives? No. And note you must use different realms by specifying different AuthName directives, otherwise it may confuse browsers. The access privileges to the same realm (same AuthName) should be the same within whole realm. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. You have the right to remain silent. Anything you say will be misquoted, then used against you. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
