Article:		Apache Web Serving with Jaguar, Part 3
Subject:		User Directory Access
Date:		2003-04-23 13:08:59
From:		morbus
Response to: User Directory Access
Correct. Nor should they. The GatesMcFaddenCo intranet didn't like ugly ~username URLs, so they switched to Apache's DocumentRoot, which is what the Allow/Deny's are configured for.

Showing messages 1 through 4 of 4.

• User Directory Access
  2003-04-23 13:16:52  Kevin Hemenway | [Reply | View]
  
  
  In rereading your intent (instead of mine), yeah, if someone on the GatesMcFaddenCo machine launched their own user site, it'd be wide open to anyone. The fix to properly protect the entire site / machine (not just Apache's DocumentRoot) is:
  
  <Directory /Users>
  Deny from all
  </Directory>
  
  This is more in line with what the text suggests, but isn't conducive to per-user site directories. In a later part of the series, I talk about user configuration and directories (poor, poor Patti), and you'll see an example of Allow/Deny there.
• User Directory Access
  2003-04-23 18:19:24  anonymous2 [Reply | View]
  
  
  Thanks for the quick feedback and deft interpretation of my somewhat minimalist comment.
• User Directory Access
  2003-05-06 15:45:36  anonymous2 [Reply | View]
  
  
  Just a quick question;
  
  I am trying to set up apache so it can only be acessed by people on the coporate lan - ie 10.0.0.0/8 addresses - but if I replace "gatesmcfarlene" with the ip address range above, plus include one for localhost, I cannot access apache when I am connect on the coporate lan --- no issue if I unplug ..
  
  Have checked the documentation at apache site - but I think I'm missing something.
  
  Can't wait for the rest of the series ..
• allowing address ranges
  2003-05-12 23:42:00  anonymous2 [Reply | View]
  
  
  "I am trying to set up apache so it can only be acessed by people on the coporate lan - ie 10.0.0.0/8 addresses"
  
  Just specify the partial string for the address range, which in your case would be "10."
  
  Allow from 10.