Er... I don`t want to look like I am desperate... but i am actually a
bit, hehe...
Anyone has any idea about this? am I doing something wrong?
any contribution will be welcome
Thank you all very much!
J.M. Castroagudin escribió:
Hmmm... I thought that "deny,allow", as I had, was the right order. I
mean, "first of all, nobody can get in. Then, if someone`s IP match
'intranet', let him in"....
Anyway, I tried changing it, and it behaves the same: no SSL, works
right. With SSL, everybody can get in...
Perhaps there is any limitation involving SSL and IP filtering (i dont
know, something like the issue SSL-Vhosts, or so...)?
Any idea?
Thanks!
Phillip Hamilton escribió:
I'm no ENV pro, but have you tried "Order Allow, Deny"?
"deny,Allow"
The deny directives are evaluated before the Allow directives. Access is
allowed by default. Any client which does not match a deny directive
or does
match an Allow directive will be allowed access to the server."
:)
-----Original Message-----
From: J.M. Castroagudin [mailto:[EMAIL PROTECTED] Sent:
Thursday, September 13, 2007 8:47 AM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] Allow/Deny directive and https
Hi everybody,
I have been trying to limit access to certain 'directories' (inside a
https vhost) based on IP directives. Something like this:
SetEnvIf remote_addr W.X.Y.Z intranet
SetEnvIf Client-ip W.X.Y.Z intranet
<VirtualHost *:443>
DocumentRoot "/disc/html/https"
ServerName secure.foo.com
....
<Directory /disc/html/https/intranet>
Order Deny,Allow
Deny from All
Allow from env=intranet
</Directory>
....
</VirtualHost>
There is only a https virtual host in this server.
But it seems not to work as expected. Accesing via
'http://secure.foo.com', Deny and Allow directives work right (it is
defined before in conf file). Although, entering via
'https://secure.foo.com', everybody has acces to this directory...
Is there a way to do this? I am beginning thinking it can not be
possible... it is?
Thanks in advance,
J.M.Castroagudín Silva
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
