On Fri, Aug 24, 2012 at 5:57 AM, Mark Montague <m...@catseye.org> wrote:
> On August 23, 2012 12:18 , Konrad Neuwirth <kon...@mailathome.or.at> > wrote: > >> It appears, to me, that the proxy directive takes precedence over the >> access restrictions placed into the directory, and I do not know how to >> reverse that ordering. >> >> The appropriate snipped of our httpd configuration is: >> >> <Directory [USER PATH]/redaxo/include> >> Require all denied >> </Directory> >> >> <LocationMatch ^(.*\.php)$> >> ProxyPass fcgi://127.0.0.2:9136/[USER >> <http://127.0.0.2:9136/%5BUSER>PATH] >> </LocationMatch> >> > > No, <Location> and <LocationMatch> take precedence over <Directory>. See > https://httpd.apache.org/docs/**2.2/sections.html#mergin<https://httpd.apache.org/docs/2.2/sections.html#mergin> > > One solution is to put the proxy configuration into the <Directory> > section instead of the <LocationMatch> section. However, > https://httpd.apache.org/docs/**2.2/mod/mod_proxy.html#**proxypass<https://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass>says > "This directive is not supported in <Directory> or <Files> sections". ProxyPass: Context: <https://httpd.apache.org/docs/2.2/mod/directive-dict.html#Context>server config, virtual host, directory I think the note refers to ProxyPassMatch and not ProxyPass which is obviously supported in directory context. > So you may want to try using mod_rewrite's RewriteRule directive with the > [P] flag: > https://httpd.apache.org/docs/**2.2/rewrite/flags.html#flag_p<https://httpd.apache.org/docs/2.2/rewrite/flags.html#flag_p> > > A better solution, in my opinion, is to not use .htaccess files at all: > they have performance, security, and management downsides. Put the access > restrictions into the above <LocationMatch> block instead. > -- > Mark Montague > m...@catseye.org > > > > ------------------------------**------------------------------**--------- > To unsubscribe, e-mail: > users-unsubscribe@httpd.**apache.org<users-unsubscr...@httpd.apache.org> > For additional commands, e-mail: users-h...@httpd.apache.org > >