top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

How to allow a directory and don't allow a sub-directory in Apache?

0 votes
535 views

I want to allow a directory " /var/www/html/ldap" to two users according to IPs (192.168.1.2 192.168.1.7):

 Order allow,deny
 Allow from 192.168.1.2 192.168.1.7
 Satisfy any
 AuthName "LDAP Authentication"
 AuthType Basic

 AuthBasicProvider ldap
 AuthzLDAPauthoritative off
 AuthLDAPURL ldap://192.168.1.3/dc=example,dc=com?uid?sub?(objectClass=*)
 Require valid-user

but I don't want to allow a sub directory to 192.168.1.7 (I want it to be allowed only to 192.168.1.2):

I have tried to add:

 Order allow,deny
 Allow from 192.168.1.2
 Satisfy any
 AuthName "LDAP Authentication"
 AuthType Basic

 AuthBasicProvider ldap
 AuthzLDAPauthoritative off
 AuthLDAPURL ldap://192.168.1.3/dc=example,dc=com?uid?sub?(objectClass=*)
 Require valid-user

but it seems that 192.168.1.7 can reach to manager directory because it is a part of ldap directory, how can I forbid this?

posted Jul 22, 2014 by Vijay Shukla

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button

1 Answer

+1 vote

Satisfy any
satisfy all?

answer Jul 22, 2014 by anonymous
Similar Questions
0 votes

Running Apache 2.4.7 and current configuration limiting access to a directory to only clients that can provide a trusted client certificate. Server is SSL host. Would like to modify configuration to allow "local" clients (127.0.0.1, etc. as defined by Require local auth provider) to access the directory without authenticating with a client certificate. So the local host may access the directory without SSL client auth, but all others must authenticate with a client certificate or access is forbidden. What is the best/proper way to do this?

I would like to use modern directives (avoiding Allow, Deny, Order etc. from mod_access_compat) but I am not clear how to combine Require related directives with mod_ssl options like SSLVerifyClient.

Thanks in advance?

+2 votes

I'm trying to set DocumentRoot and the following directory directive relative to ServerRoot:

DocumentRoot "../web"

DocumentRoot is working, but the Directory directive is not. It won't match. If I change the directory directive to an absolute path it will work. Any idea how I can get this to work?

0 votes

I am a bit confused about the mod_rewrite documentation. It shows this rule to block hotlinking:

RewriteCond "%{HTTP_REFERER}" "!^$"
RewriteCond "%{HTTP_REFERER}" "!www.example.com" [NC]
RewriteRule ".(gif|jpg|png)$" "-" [F,NC]

however, I'd think a better rule would be:

RewriteCond "%{HTTP_REFERER}" "^$" [OR]
RewriteCond "%{HTTP_REFERER}" "!(www.)?example.com/.*$" [OR,NC]
RewriteRule ".(gif|jpg|png)$" "-" [F,NC]

if I want to block anyone manually typing in a link (no referer) + hotlinking (probably has a referer). Do i need the [OR] on the 1st
RewriteCond and not the 2nd one? It seems to work with OR on both conditions.

0 votes

I have two handlers to be accessed. My motive is to use the second handler if the first handler returns DECLINED.

I have tried various combinations of SetHandler, AddHandler and AddType but none has worked as overriding takes place in all of these combinations.

Is there any method in Apache to use more than one handler without overriding?

+1 vote

Just set up a FreeBSD jail to run httpd in it and all works good except these two, rewrite/proxy modules.

These are error logs excerpts:

MOD_REWRITE error: 
[rewrite:crit] [pid 43447] (13)Permission denied: AH00666: mod_rewrite: could not init rewrite_mapr_lock_acquire in child 
MOD_PROXYÂ error: 
[proxy:crit] [pid 43447] (13)Permission denied: AH02479: could not init proxy_mutex in child 

Not sure permissions of what are being denied as html in document root is being served just fine when these modules are disabled.

I tried googling but found nothing but rubbish. Please help?

...