More Secure Sub-directory

Aaron Roots aaron.roots at
Fri Jan 27 01:17:24 GMT 2012

Sorry another option would be to only use .htaccess. But as this is
somewhat equivalent to using the Directory block - so it also will not
work with mod_rewrite

The latter xml rules was the only way we could provide users with
authentication control directly themselves and also have access to use
mod_rewrite. Have not had any other issues reported - so maybe we do not
use the other things that may cause problems as well

On 27/01/12 11:08 AM, "Cantor, Scott" <cantor.2 at> wrote:

>On 1/26/12 6:51 PM, "Aaron Roots" <aaron.roots at> wrote:
>>The Location block directives override the .htaccess directives:
>>So the choices are:
>>* Use a location block in your apache conf for the more secured directory
>>(may not want user accessing apache conf or continually needing to action
>>requests on their behalf )
>>* Use the initial directive in a Directory block instead of Location (but
>>this may break things like mod_rewrite)
>>* Use the XML permission format
>Since the latter wouldn't work with mod_auth or various other options, and
>since the behavior and require options here are Apache's standard behavior
>(not specific to using SAML), it seems like either the first two are just
>accepted as the standard practice, or we're missing some additional trick
>to do it.
>-- Scott
>To unsubscribe from this list send an email to
>users-unsubscribe at

More information about the users mailing list