[H-GEN] Apache restrict directory (fwd)
Martin Pool
mbp at linuxcare.com.au
Sun Apr 16 02:59:19 EDT 2000
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Please observe the list's charter. ]
(Is the whole general-post hassle really worth it?)
On Fri, 14 Apr 2000, Luke Grant wrote:
> or you could put the following entre into your httpd.conf file.
> <Directory /directory/you/want/restricted>
> AllowOverride FileInfo AuthConfig Limit
> Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
> <Limit GET POST OPTIONS PROPFIND>
> order deny, allow
> deny from all
> allow from 10.0.0.0/24
> </Limit>
> </Directory>
Bloody! You're obviously being paid by the byte. :-)
I'd prefer to use <Location> rather than <Directory> if I'm trying to
restrict by logical location: the intention is clearer, and it won't break
if you move the webserver to a different directory.
I think the configuration you give will allow people to e.g. do a HEAD on
/secret/index.html, which is probably not what the guy wants. There's no
need for a <Limit> unless you care about restricting some methods more
than others.
--
Martin Pool
--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.
More information about the General
mailing list