All geek questions in one place

Require directive in .htaccess not to show directories

I have the following directory hierarchy

-root_folder .htaccess -sub_folder .htaccess

The contents of the .htaccess file in sub_folder:

 AuthType Basic AuthName "webdav" AuthUserFile /var/www/test/passwd.dav Require user test

root_folder contains the following .htaccess

 Satisfy any Order deny,allow Deny from all Allow from env=ALLOWED SetEnvIfNoCase Request_URI "^/+webdav/root_folder/?$" ALLOWED

Please note that I am using WebDav .

It is installed in /etc/apache2/conf.d/webdav . The file contains the following:

 Alias /webdav /home/user/projects/test/public <Location /webdav/> Order Allow,Deny Allow from #list of ips here DAV On PassengerEnabled off LimitXMLRequestBody 0 Options Indexes FollowSymLinks </Location>

The problem is that when you try to access the localhost/webdav/root_folder/ folder using the browser, sub_folder not displayed. But when I Require user some_user , Require user some_user is displayed in the list. If I try to enter localhost/webdav/root_folder/sub_folder/ when the Require user directive is enabled, I will ask you to enter a username and password, and everything will be fine if I enter the correct credentials.

Is it possible to list everything in a directory and at the same time use the Require user directives in .htaccess files inside sub_folders to control access to them?

+4
source share
1 answer

In your root folder (I believe this is your $DOCUMENT_ROOT ), create a .htaccess file with the following contents:

 SetEnvIfNoCase Request_URI "^/*$" ALLOWED Satisfy any Order deny,allow Deny from all Allow from env=ALLOWED

If root_folder not $ DOCUMENT_ROOT, then use:

 SetEnvIfNoCase Request_URI "^/+root_folder/?$" ALLOWED

as the first line.

+2
source

Source: https://habr.com/ru/post/1413811/

More articles:


All Articles