Access Control in 2.4 question

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Access Control in 2.4 question

Rose, John B
If all the necessary modules are installed, what would prevent this from working?

<Files "private.html">
    Require all denied
</Files>
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Access Control in 2.4 question

Eric Covener
On Wed, Aug 9, 2017 at 3:03 PM, Rose, John B <[hidden email]> wrote:
> If all the necessary modules are installed, what would prevent this from
> working?
>
> <Files "private.html">
>     Require all denied
> </Files>

Not in a config file being read
Proxied so it never hit the filesystem and never matched
Overridden by section with higher precedence like Location or htaccess
Browser cache

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Access Control in 2.4 question

Rose, John B
Thanks for the reply Eric.

1. Regarding "Proxied so it never hit the filesystem and never matched” if ProxyPassMatch is being used for php-fpm and blocking access to a .php file is goal, how can that be accomplished? Or maybe I am not understanding how that works.

2. As for "Overridden by section with higher precedence like Location or htaccess” is there some way to determine that besides culling thru lines of config files line by line?




On 8/9/17, 3:33 PM, "Eric Covener" <[hidden email]> wrote:

>On Wed, Aug 9, 2017 at 3:03 PM, Rose, John B <[hidden email]> wrote:
>> If all the necessary modules are installed, what would prevent this from
>> working?
>>
>> <Files "private.html">
>>     Require all denied
>> </Files>
>
>Not in a config file being read
>Proxied so it never hit the filesystem and never matched
>Overridden by section with higher precedence like Location or htaccess
>Browser cache
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [hidden email]
>For additional commands, e-mail: [hidden email]
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Access Control in 2.4 question

Eric Covener
On Wed, Aug 9, 2017 at 4:19 PM, Rose, John B <[hidden email]> wrote:
> Thanks for the reply Eric.
>
> 1. Regarding "Proxied so it never hit the filesystem and never matched” if ProxyPassMatch is being used for php-fpm and blocking access to a .php file is goal, how can that be accomplished? Or maybe I am not understanding how that works.

You can use the SetHandler method of configuration for mod_proxy_fcgi,
 which allows the normal mapping to occur first.

> 2. As for "Overridden by section with higher precedence like Location or htaccess” is there some way to determine that besides culling thru lines of config files line by line?

Not really, but you're looking specifically for a section w/ 'require'
directives.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Access Control in 2.4 question

Rose, John B
Eric

Thanks for those tips, they helped us out.

j




On 8/9/17, 4:31 PM, "Eric Covener" <[hidden email]> wrote:

>On Wed, Aug 9, 2017 at 4:19 PM, Rose, John B <[hidden email]> wrote:
>> Thanks for the reply Eric.
>>
>> 1. Regarding "Proxied so it never hit the filesystem and never matched” if ProxyPassMatch is being used for php-fpm and blocking access to a .php file is goal, how can that be accomplished? Or maybe I am not understanding how that works.
>
>You can use the SetHandler method of configuration for mod_proxy_fcgi,
> which allows the normal mapping to occur first.
>
>> 2. As for "Overridden by section with higher precedence like Location or htaccess” is there some way to determine that besides culling thru lines of config files line by line?
>
>Not really, but you're looking specifically for a section w/ 'require'
>directives.
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [hidden email]
>For additional commands, e-mail: [hidden email]
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]
Loading...