Solved

<Directory> and .htaccess

Posted on 2004-09-28
7
329 Views
Last Modified: 2010-03-04
I'd like to allow access to a private directory on my server to ppl on my LAN but not to anyone in the real world.

Specifically, I want to allow access to 192.168.0.0/24 to /private

Here's a copy of the relevant lines from my conf file:

<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>

#
# House Access
#
<Directory /private>
    Order deny,allow
    Deny from all
    Allow from 192.168.0.0/24
</Directory>

However, when I use a lynx client on a remote server to view the specified folder, it displays the contents quite happily (well, the index file to be precise)

Any suggestions? I'm happy to use .htaccess but I don't want passwords - just IP checking

Running on Win32
0
Comment
Question by:basiclife
  • 3
  • 3
7 Comments
 
LVL 38

Accepted Solution

by:
yuzh earned 500 total points
ID: 12176466
Modify your </Directory> for /private

<Directory /path-to/private>
 AllowOverride All
    Options FollowSymlinks
        <Limit GET POST OPTIONS PROPFIND>
        Order allow,deny
        Allow from 192.168.0.0/24
    </Limit>
</Directory>
 
then restart apache

 please read:
http://httpd.apache.org/docs/mod/core.html#allowoverride
http://sniptools.com/vault/windows-apache-and-htaccess-authentication.htm
0
 
LVL 5

Author Comment

by:basiclife
ID: 12176514
I think the problem I'm having _is_ with the path

On the file system it's D:\Apache\private with d:\Apache being the Doc root  so it's /private when served. So what EXACTLY should the <DIRECTORY> tag be? Do I need to quote it? / isn't quoted but later on, a C:\Program Files... Is I'm guessing this is because of the space? Finally, I've seen both ' and " used to quote paths. Is there any funcitonal difference between them?

AllowOverride All - Is that letting .htaccess modify settings or letting <Directory> ?

And what does the LIMIT do?

BTW:- Thanks for the reference links. I'd managed to find most of the info already but a lot less concise.

Also, thanks for the quick reponse
0
 
LVL 38

Expert Comment

by:yuzh
ID: 12176935
>>Do I need to quote it?
Yes
>>AllowOverride All - Is that letting .htaccess modify settings or letting <Directory> ?
Yes

>>And what does the LIMIT do?
The <Limit method> directive defines a block according to the HTTP method of the incoming request. Generally, it should not be used unless you really need it (for example, if you've implemented PUT and want to limit PUTs but not GETs), and we have not used it in site.authent. Unfortunately, Apache's online documentation encouraged its inappropriate use, so it is often found where it shouldn't be.

see: http://www.hk8.org/old_web/linux/apache/ch05_02.htm  (5.2.5) for more details

Also have a look at the following "Using .htaccess Files with Apache" (for Windows):
http://apache-server.com/tutorials/ATusing-htaccess.html
http:Q_20539697.html

To learn something about the PATH handling.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 5

Author Comment

by:basiclife
ID: 12179220
Thanks for all the help just one more question:

what should the opening directory statement look like?

<Directory ?????>


ie <Directory "/private"> or <Directory '/private'> or ???
0
 
LVL 19

Expert Comment

by:ramazanyich
ID: 12180488
You can use <Location> element instead of Directory.
So  use:
<Location /private>
...
</Location>
0
 
LVL 5

Author Comment

by:basiclife
ID: 12181752
Got it. And it works. Thanks!
0
 
LVL 38

Expert Comment

by:yuzh
ID: 12186285
Congratulations, you make it!

Cheers!
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As Wikipedia explains 'robots.txt' as -- the robot exclusion standard, also known as the Robots Exclusion Protocol or robots.txt protocol, is a convention to prevent cooperating web spiders and other web robots from accessing all or part of a websit…
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now