More Secure Sub-directory
Aaron Roots
aaron.roots at deakin.edu.au
Fri Jan 27 01:17:24 GMT 2012
Sorry another option would be to only use .htaccess. But as this is
somewhat equivalent to using the Directory block - so it also will not
work with mod_rewrite
The latter xml rules was the only way we could provide users with
authentication control directly themselves and also have access to use
mod_rewrite. Have not had any other issues reported - so maybe we do not
use the other things that may cause problems as well
On 27/01/12 11:08 AM, "Cantor, Scott" <cantor.2 at osu.edu> wrote:
>On 1/26/12 6:51 PM, "Aaron Roots" <aaron.roots at deakin.edu.au> wrote:
>>
>>The Location block directives override the .htaccess directives:
>>http://httpd.apache.org/docs/2.2/sections.html#mergin
>>
>>
>>So the choices are:
>>
>>* Use a location block in your apache conf for the more secured directory
>>(may not want user accessing apache conf or continually needing to action
>>requests on their behalf )
>>* Use the initial directive in a Directory block instead of Location (but
>>this may break things like mod_rewrite)
>>* Use the XML permission format
>
>Since the latter wouldn't work with mod_auth or various other options, and
>since the behavior and require options here are Apache's standard behavior
>(not specific to using SAML), it seems like either the first two are just
>accepted as the standard practice, or we're missing some additional trick
>to do it.
>
>-- Scott
>
>--
>To unsubscribe from this list send an email to
>users-unsubscribe at shibboleth.net
More information about the users
mailing list