RE: Apache issue

From: Phil Eschallier (phil_at_10types.com)
Date: 06/22/05

  • Next message: Hans: "Re: Apache issue"
    To: <anita.salerno@talk21.com>, <focus-linux@securityfocus.com>
    Date: Wed, 22 Jun 2005 10:52:00 -0400
    
    

    Look in the config file ... you probably have an entry for <Directory "/">
    with an override of "None" ... or perhaps some other parent directory of
    your /www/html/directory/rzone.

    Or, are you sure that the Apache DocRoot has not changed with this update?

    ... Phil

    -----Original Message-----
    From: anita.salerno@talk21.com [mailto:anita.salerno@talk21.com]
    Sent: Wednesday, June 22, 2005 3:44 AM
    To: focus-linux@securityfocus.com
    Subject: Apache issue

    Hello,
    I'm using Apache/2.0.52 on Fedora Core 3. I've copied the configuration file
    of the previous apache's version on a Redhat, as I do everytime when
    upgrading to a new version of Apache (I configured only the new httpd.conf
    manually), and now the problem is that none of the security measures is
    working, I'm bypassing all of them (.htaccess and ip list specification).

    The mod_access module is enabled.

    In my httpd.conf, I have:

    AllowOverride All

    <Directory /www/html/directory/rzone>
            Order Allow,Deny
            Allow from 10.0.10.
            Deny from all
    </Directory>

    My .htaccess is:
    AuthType Basic
    AuthName Welcome
    AuthUserFile /www/html/directory/rzone/.htmdp

    <Limit GET POST>
            require valid-user

            Order Allow,Deny
            Allow from 10.0.10.
            Deny from all
    </Limit>

    When I was desprate, I've configured the access file as follow:

    Order Allow,Deny
    Deny from all

    and I still have access to the web site.
     
    Any idea ?


  • Next message: Hans: "Re: Apache issue"