On 9/21/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > Hi, > > When I use the mod_access directives to limit access to certain files or > commands, they just seem to be ignored. For example, to disable > downloading of .htaccess and .htpasswd files I use the (almost) standard > rules of: > > --- example --- > <Files ~ "^\.ht"> > Order allow,deny > Deny from all > Satisfy all > </Files> > --- /example --- > > As far as I know this should disallow anyone (including users logging in > through HTTP AUTH) to open the .ht* files. But if I try to download > them, they can be opened. > The same problem goes for any other access limiting based on IP.
Start by reading this: http://httpd.apache.org/docs/2.2/sections.html#mergin It may be that you have other access-control directives in a <Location> section that are overriding your <Files> section. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
