Apache authentication question, how to disable in a sub-directory

Craig White craigwhite at azapple.com
Thu Mar 13 12:59:50 UTC 2008


On Thu, 2008-03-13 at 12:25 +0000, Chris G wrote:
> I am running Fedora 8 with Apache 2.2.
> 
> I have a section of my web site which is password protected for
> outside (i.e. non LAN) users, this uses the standard sequence as
> follows:-
> 
>     AuthType Basic
>     AuthName "ISBD Home Server"
>     AuthUserFile /etc/httpd/conf/passwd
>     Require valid-user
> 
> So far so good, it works as intended.
> 
> However I want to further restrict access to a lower sub-directory such
> that it isn't accessible to outside users at all.  How can I do this?
> Allow/Deny directives don't do what I want because they don't affect
> the above password authentication.  What I want is some directive that
> explicitly *removes* password authenticated access from a directory.
> 
> 
> If I add a "Satisfy All" directive to the sub-directory then the
> effect is to prevent outside access (which is what I want) but in
> adddition LAN users have to enter a valid name/password which I don't
> want to have to do.
> 
> 
> The best solution I have come up with so far is to add "Require
> aNonexistentUser" to the sub-directory, it asks for a name/password
> but no valid ones exist.  However, as I said, I'd really like to say
> "don't try password authentication here at all".
----
This probably depends upon what the purpose of this non-accessible
subdirectory is.

If you don't want apache to access this directory at all, consider that
httpd runs as user:group apache:apache and thus if you were to chmod
o-x /path/to/this/subdirectory, httpd (apache) would not be able to read
the contents, thus it would not be available to anyone via apache. Only
root, owner and group members of the ownership of that directory would
be able to enter the subdirectory (i.e., would require some login
shell).

Craig




More information about the users mailing list