I am seeking a few hints on what I am doing wrong.
I am trying to setup apache 1.3.22 to limit access as follows:
1. access MUST be from a specified IP range
2. user MUST use name/passwd
Both conditions above must be met for access.
If there is a request from an IP that is not in the allow range,
I dont want a name/passwd to override this.
Here is what I did:
[http.conf]
DocumentRoot "/var/www/users"
<Directory />
Order Deny,Allow
Deny from All
Allow from 192.168.100.0/255.255.255.0
Options FollowSymLinks
AllowOverride AuthConfig
</Directory>
<Directory /test>
Order Deny,Allow
Deny from all
Allow from 192.168.100.0/255.255.255.0
Options FollowSymLinks
AllowOverride AuthConfig
</Directory>
------------------------------------
then I added .htaccess in the following dirs:
/var/www/users
/var/www/test
[.htaccess]
AuthName "Restriced Access"
AuthType Basic
AuthUserFile /usr/local/etc/users
require valid-user
Satisfy All
...I can seem to make this work one way or the other, but not both.
With the above configuration, an IP from 192.168.100.0 receives the following:
HTTP 403 forbidden
and the relevant log entry shows:
[Thu Dec 20 07:32:51 2001] [error] [client 192.168.100.13] client denied by
server configuration: /var/www/users
so....I have read the newsgroups and like the idea of 'ditching' the
.htaccess file and setting this up in httpd.conf
(since all the dirs and files would require the same level of security)
Can anyone help me out a little on this?
Thanks in advance.
Jeff
AuroraHealthCare
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
I am trying to setup apache 1.3.22 to limit access as follows:
1. access MUST be from a specified IP range
2. user MUST use name/passwd
Both conditions above must be met for access.
If there is a request from an IP that is not in the allow range,
I dont want a name/passwd to override this.
Here is what I did:
[http.conf]
DocumentRoot "/var/www/users"
<Directory />
Order Deny,Allow
Deny from All
Allow from 192.168.100.0/255.255.255.0
Options FollowSymLinks
AllowOverride AuthConfig
</Directory>
<Directory /test>
Order Deny,Allow
Deny from all
Allow from 192.168.100.0/255.255.255.0
Options FollowSymLinks
AllowOverride AuthConfig
</Directory>
------------------------------------
then I added .htaccess in the following dirs:
/var/www/users
/var/www/test
[.htaccess]
AuthName "Restriced Access"
AuthType Basic
AuthUserFile /usr/local/etc/users
require valid-user
Satisfy All
...I can seem to make this work one way or the other, but not both.
With the above configuration, an IP from 192.168.100.0 receives the following:
HTTP 403 forbidden
and the relevant log entry shows:
[Thu Dec 20 07:32:51 2001] [error] [client 192.168.100.13] client denied by
server configuration: /var/www/users
so....I have read the newsgroups and like the idea of 'ditching' the
.htaccess file and setting this up in httpd.conf
(since all the dirs and files would require the same level of security)
Can anyone help me out a little on this?
Thanks in advance.
Jeff
AuroraHealthCare
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org