Q: Per-directory access control

Post by Dennis Gnatows » Sat, 07 Oct 1995 04:00:00



I'm having a problem getting per-directory access control to work in the
following setup:

restrict access via userid and password to directories /foo, /foo/x,
foo/y

UNrestrict access to directory /foo/bar

I've tried using AllowOverride All and creating a directory entry for
/foo with appropriate AuthName, AuthUserFile, and Limit restrictions in
access.conf.  Which works fine.  /foo and its subdirectories are
password protected.  But, if I use a .htaccess file in /foo/bar to
UNRESTRICT this directory or even make a separate directory entry for
/foo/bar in access.conf with no restrictions, it won't work!

How do I restrict a parent directory and SELECTED subdirectories?

Any help is appreciated!

======
Dennis Gnatowski

 
 
 

Post by David Robins » Fri, 13 Oct 1995 04:00:00



>I'm having a problem getting per-directory access control to work in the
>following setup:

>restrict access via userid and password to directories /foo, /foo/x,
>foo/y

>UNrestrict access to directory /foo/bar

>I've tried using AllowOverride All and creating a directory entry for
>/foo with appropriate AuthName, AuthUserFile, and Limit restrictions in
>access.conf.  Which works fine.  /foo and its subdirectories are
>password protected.  But, if I use a .htaccess file in /foo/bar to
>UNRESTRICT this directory or even make a separate directory entry for
>/foo/bar in access.conf with no restrictions, it won't work!

>How do I restrict a parent directory and SELECTED subdirectories?

>Any help is appreciated!

This cannot be done in Apache or NCSA httpd. Once access to /foo is restricted
you cannot have unrestricted access to /foo/bar.

This is good security practice; you should never be able to reduce the
security level of an object, only increase it.

[I was caught out by this recently; the only solution is to have /bar
 outside /foo]
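
A pre-deployment check for the layout problem discussed in this thread, as an added example that is not part of either post. It assumes, as the reply above states, that a restriction on a directory covers everything beneath it, and it reports any directory meant to be public that sits under a restricted one. The function names and the sample layouts are constructed for illustration.

```python
import posixpath


def _parts(path):
    """Normalise a document-tree path and split it into components."""
    # normpath collapses '..', repeated '/', and a trailing '/'.
    norm = posixpath.normpath("/" + path)
    return [p for p in norm.split("/") if p]


def restricting_ancestor(path, restricted):
    """Return the outermost restricted directory covering `path`, or None.

    Assumption taken from the reply: a restriction on a directory applies
    to everything below it. Matching is per path component, so '/foobar'
    is not treated as being inside '/foo'.
    """
    target = _parts(path)
    best = None
    for entry in restricted:
        parts = _parts(entry)
        if target[:len(parts)] == parts:
            if best is None or len(parts) < len(_parts(best)):
                best = entry
    return best


def audit(restricted, intended_public):
    """List (public_path, covering_restricted_dir) pairs that conflict."""
    conflicts = []
    for path in intended_public:
        parent = restricting_ancestor(path, restricted)
        if parent is not None:
            conflicts.append((path, parent))
    return conflicts


# Constructed layouts using the directory names from the thread.
ORIGINAL = {"restricted": ["/foo"], "public": ["/foo/bar"]}
RELOCATED = {"restricted": ["/foo"], "public": ["/bar"]}

if __name__ == "__main__":
    for name, layout in (("original", ORIGINAL), ("relocated", RELOCATED)):
        print(name, audit(layout["restricted"], layout["public"]))
```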



 
 
 

1. Apache with SSL Client Authentication; per-directory access based upon DN in certificates

Hi all.

Have set up an Apache server in OpenBSD, with SSL and SSL client
authentication using certificates.

The idea is that the DN of the end user's certificate will form the
basis for what he/she can or cannot see on the server.

Using the lines below in httpd.conf, works fine:
<Location /project/>
SSLVerifyClient require
SSLVerifyDepth 2
SSLRequire %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
            and  (%{SSL_CLIENT_S_DN_O} eq "MYCOMPANY" OR %{SSL_CLIENT_S_DN_O} eq "OTHERCOMPANY")
</Location>

...only end users who are employees in MYCOMPANY or OTHERCOMPANY will
be able to access the directory /project/ ; everyone else gets the 403
FORBIDDEN error.

Trouble is, if I, say, have *two* directories, /projects/ and
/internal/, with the /internal/ conf being identical to the /project/
conf above, (minus OTHERCOMPANY) *nothing* works - everyone is
suddenly able to access everything...

Any ideas?

TIA
Ken M.
