Re: Apache issue

From: Raul Jover Baison (rjover_at_gmail.com)
Date: 06/22/05

  • Next message: Daniel Williams: "Re: Apache issue" 
    Date: Wed, 22 Jun 2005 17:44:02 +0200
To: focus-linux@securityfocus.com

    Hello, did you declare this?:

    AccessFileName .htaccess

    As httpd.conf said

    # AccessFileName: The name of the file to look for in each directory
    # for access control information. See also the AllowOverride directive.

    On 22 Jun 2005 07:44:03 -0000, anita.salerno@talk21.com
    <anita.salerno@talk21.com> wrote:
    > Hello,
    > I'm using Apache/2.0.52 on Fedora Core 3. I've copied the configuration file of the previous apache's version on a Redhat, as I do everytime when upgrading to a new version of Apache (I configured only the new httpd.conf manually), and now the problem is that none of the security measures is working, I'm bypassing all of them (.htaccess and ip list specification).
    >
    > The mod_access module is enabled.
    >
    > In my httpd.conf, I have:
    >
    > AllowOverride All
    >
    > <Directory /www/html/directory/rzone>
    > Order Allow,Deny
    > Allow from 10.0.10.
    > Deny from all
    > </Directory>
    >
    >
    >
    > My .htaccess is:
    > AuthType Basic
    > AuthName Welcome
    > AuthUserFile /www/html/directory/rzone/.htmdp
    >
    > <Limit GET POST>
    > require valid-user
    >
    > Order Allow,Deny
    > Allow from 10.0.10.
    > Deny from all
    > </Limit>
    >
    > When I was desprate, I've configured the access file as follow:
    >
    > Order Allow,Deny
    > Deny from all
    >
    > and I still have access to the web site.
    >
    > Any idea ?
    > 

    -- 
............... ___@@@__
......_____//_________\______
----o--------CARE-POLICE--------@)
 -----`--(@)=======+====(@)--'
  • Next message: Daniel Williams: "Re: Apache issue"