On Fri, 24 Apr 1998, Adam Laurie wrote:
> As a slight side-issue, for best security, I would recommend you change
> this to be in the apache config instead of an external file (if you've
> only done that for testing, then please feel free to tell me to go teach
> my grandma... :). Put something like this in your virtual host
> definition:

I don't really know that that is necessary. There is no inherent security
problem with using htaccess files as long as you control who they are
writable by properly and control who can read them.

>
> <Directory /usr/local/apache/webdocs>
> AllowOverride none
> AuthUserFile /usr/local/apache/clientcerts
> AuthGroupFile /usr/local/apache/clientgroups
> AuthType Basic
> AuthName Testing Client Auth
> <Limit GET>
> require group joe
> </Limit>
> </Directory>

If you care about security, I would suggest you drop the silly "Limit GET"
so you limit all requests.
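
Added example, not part of the original message: a small Python check that flags `require` directives wrapped in a `<Limit>` section, since such a requirement is enforced only for the methods listed, and that rewrites the block so the requirement covers every request method. The function names are assumptions of this example, and the embedded sample is the block quoted above.

```python
import re

# Constructed sample: the <Directory> block quoted in the message above.
SAMPLE = """\
<Directory /usr/local/apache/webdocs>
AllowOverride none
AuthUserFile /usr/local/apache/clientcerts
AuthGroupFile /usr/local/apache/clientgroups
AuthType Basic
AuthName Testing Client Auth
<Limit GET>
require group joe
</Limit>
</Directory>
"""

# "\s+" after "Limit" keeps these from matching other section names.
LIMIT_OPEN = re.compile(r"^<Limit\s+([^>]*)>$", re.IGNORECASE)
LIMIT_CLOSE = re.compile(r"^</Limit\s*>$", re.IGNORECASE)


def find_limited_requires(text):
    """Return (line_no, directive, methods) for each require inside <Limit>."""
    findings = []
    methods = None  # methods of the enclosing <Limit>; None when outside one
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = LIMIT_OPEN.match(line)
        if opened:
            methods = [m.upper() for m in opened.group(1).split()]
        elif LIMIT_CLOSE.match(line):
            methods = None
        elif methods is not None and line.split()[0].lower() == "require":
            findings.append((line_no, line, methods))
    return findings


def drop_limit(text):
    """Remove <Limit ...> wrappers so enclosed directives cover all methods."""
    kept = [l for l in text.splitlines()
            if not (LIMIT_OPEN.match(l.strip()) or LIMIT_CLOSE.match(l.strip()))]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for line_no, directive, methods in find_limited_requires(SAMPLE):
        print(f"line {line_no}: '{directive}' enforced only for {' '.join(methods)}")
    print(drop_limit(SAMPLE), end="")
```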