Re: [users@httpd] WebDAV directory allowing all access despite limits
by Sean Davis other posts by this author
Feb 28 2006 9:59AM messages near this date
Re: [users@httpd] WebDAV directory allowing all access despite limits
|
[users@httpd] Rewrite rules !!
On 2/28/06 10:08 AM, "Joshua Slive" <joshua@[...].ca> wrote:
> On 2/28/06, Sean Davis <sdavis2@[...].gov> wrote:
> >
> >
> >
> > On 2/28/06 9:23 AM, "Nick Kew" <nick@[...].com> wrote:
> >
> >> On Tuesday 28 February 2006 13:55, Sean Davis wrote:
> >>
> >>> 128.231.145.14 - sean [28/Feb/2006:08:46:34 -0500] "PUT
> >>> /webDAV/public/Abstract.doc HTTP/1.1" 204 -
> >>
> >> See that "sean" in there? Your client has authenticated itself.
> >> Where's the problem?
> >
> > Sorry, Nick, for not explaining the problem clearly. The problem isn't the
> > lack of authentication, but what I thought was too permissive authorization.
> > Perhaps my understanding of LimitExcept is wrong, but I thought if I had a:
> >
> > <LimitExcept GET HEAD OPTIONS>
> > Require user sean
> > </LimitExcept>
> >
> > that I shouldn't be able PUT or DELETE. The log entries show that I was
> > able to do that--hence the problem. I don't understand why I can PUT or
> > DELETE with the LimitExcept directive in place. I simply want a webDAV
> > directory that is read-only by the user sean.
>
> Yes, your understanding of <LimitExcept> is wrong. You want
> <Limit GET OPTIONS>
> require use sean
> </Limit>
> <LimitExcept GET OPTIONS>
> Order allow,deny
> Deny from all
> </LimitExcept>
Thanks for clarifying--that was it.
Sean
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@[...].org
" from the digest: users-digest-unsubscribe@[...].org
For additional commands, e-mail: users-help@httpd.apache.org
Thread:
Sean Davis
Nick Kew
Sean Davis
Joshua Slive
Sean Davis
|
