Friday, September 18, 2009

Apache Access Restrictions

I have a directory that I don't want people browsing unless they're using SSL. My reasoning is simple - I am using basic auth and I don't want people sending their passwords in clear text.

I have 2 virtual host directives in my sites config file: one for port 80, the other for 443. To forbid access I set it up like this:

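<VirtualHost *:80>
    ...
    # Plain HTTP: refuse the path outright, so no Basic auth prompt is ever issued here
    <Location /files>
        deny from all
    </Location>
</VirtualHost>

<VirtualHost *:443>
    ...
    # SSL only: WebDAV share behind Basic auth
    <Location /files>
        DAV on
        Options Indexes
        AuthType Basic
        AuthName "the share"
        AuthUserFile ...
        Require valid-user
    </Location>
</VirtualHost>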


It is like a Colt 45.
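
A small offline check for this layout, added here as an example and not part of the original post: it parses a config and reports any path that has AuthType Basic in one vhost but no "deny from all" on a non-SSL vhost. It assumes port 443 is the only SSL vhost; the sample configs are constructed and the function names are hypothetical.

```python
import re

# Constructed sample in the post's layout; the elided "..." lines are omitted.
GOOD = """\
<VirtualHost *:80>
<Location /files>
deny from all
</Location>
</VirtualHost>
<VirtualHost *:443>
<Location /files>
AuthType Basic
Require valid-user
</Location>
</VirtualHost>
"""
# Constructed counter-example: the port 80 <Location> block was forgotten.
BAD = GOOD.replace("<Location /files>\ndeny from all\n</Location>\n", "")

def parse_vhosts(conf):
    """Map each vhost port to {location path: [normalised directives]}."""
    vhosts, port, path = {}, None, None
    for raw in conf.splitlines():
        line = " ".join(raw.split())
        if not line or line.startswith("#"):
            continue
        if m := re.fullmatch(r"<VirtualHost \S*:(\d+)>", line, re.I):
            port = int(m.group(1))
            vhosts.setdefault(port, {})
        elif m := re.fullmatch(r'<Location "?([^" >]+)"?>', line, re.I):
            path = m.group(1)
            if port is not None:
                vhosts[port].setdefault(path, [])
        elif line.lower() == "</location>":
            path = None
        elif line.lower() == "</virtualhost>":
            port, path = None, None
        elif port is not None and path is not None:
            vhosts[port][path].append(line.lower())
    return vhosts

def cleartext_exposure(conf, tls_ports=(443,)):
    """(port, path) pairs where a Basic-auth path lacks a deny on a non-SSL vhost.
    Assumption: a vhost is SSL exactly when its port is in tls_ports."""
    vhosts = parse_vhosts(conf)
    protected = {p for locs in vhosts.values() for p, d in locs.items()
                 if "authtype basic" in d}
    return sorted((port, p) for port, locs in vhosts.items()
                  if port not in tls_ports
                  for p in protected if "deny from all" not in locs.get(p, []))
```

cleartext_exposure(GOOD) returns an empty list, while the BAD config is reported as (80, "/files").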
