Women in Technology

Hear us Roar



Article:
  Apache Web-Serving with Mac OS X: Part 2
Subject:   Directory directives not working
Date:   2003-09-04 10:17:58
From:   anonymous2
I am running Apache 1.3.27 on Mac OS X Server v10.2.6 and would like to restrict access to a particular folder based on incoming IP number. In my httpd.conf file I added simply:


<Directory "/Library/WebServer/restrict">
Order Deny,Allow
Deny from All
</Directory>


and this restricts access to the "restrict" directory for everyone giving the Forbidden error page, as I would expect.


When I change the above to:


<Directory "/Library/WebServer/restrict">
Order Deny,Allow
Deny from All
Allow from 192.168.0 # IP number changed to protect the innocent--my intention would be to allow the entire 192.168.0.X domain in this example access to the restricted folder
</Directory>


However, Apache seems to ignore this Allow directive and I am again denied access from a machine on the 192.168.0.X domain.


The access_log says:


192.168.0.23 - - [04/Sep/2003:08:12:28 -0400] "GET /restrict/restrict.html HTTP/1.1" 403 321


The error_log says:


[Thu Sep 4 08:12:28 2003] [error] [client 192.168.0.23] client denied by server configuration: /Library/WebServer/restrict/restrict.html


I've also tried the Allow directive in the form:


Allow from 192.168.0.


I've also tried entering the Directory directive in the httpd_macosxserver.conf file--which gives the same results.


mod_access.so is being loaded.


Follow-up:


It appears that the Allow directive is working, although Apache doesn't appear to be checking it against the incoming user's IP number--it seems to be checking against the server's ip number.


For example, if I allow just one ip number:


Allow from 192.168.0.23


it denies access for the user 192.168.0.23


However, if I allow access for the SERVER'S IP number:


Allow from 192.168.0.20 # where .20 is the server's IP number, EVERYONE is granted access.


This is driving me crazy...


Any suggestions would be greatly appreciated.