2

I have created a subfolder and wanted to restrict its access to a certain user ("michael_mayer").

# User Michael Mayer
Alias /michael_mayer /var/www/webdav/users/michael_mayer
<Directory /var/www/webdav/users/michael_mayer>
    DAV             On
    AuthType        Basic
    AuthName        "Michael Mayer Directory"
    AuthUserFile /etc/apache2/users.password
    Require         valid-user
</Directory>

#Require valid-user means that everybody with a valid username+pass can access it

<Location /michael_mayer/>
    Require    michael_mayer
</Location>

However, I can still access the folder

/var/www/webdav/users/michael_mayer

with a different user, so I guess I made a typo or forgot something else.

Could anybody with experience have a look if he sees any error in my script?

Thank you!

tmighty
  • 123
  • 5

1 Answers1

1

Because of this in the first Directory configuraion:

Require         valid-user

Any user in that file is considered valid. Change 'valid-user' to 'michael_mayer' and it will work properly.

Additionally, the 'Require' directive is not valid in the 'Location' context. You can only use the require setting in the 'Directory' context or in an .htaccess file (if AllowOveride is enabled). Your 'Location' configuration is superfluous.

Gene
  • 3,663
  • 20
  • 39
  • Thank you. Can you tell me why I have to state it twice, once in the Directory structure, then once again in the Location structure? – tmighty Oct 02 '14 at 20:12
  • The 'Require' directive doesn't apply in that context. It's only valid in Directory and in .htaccess. [Read this for more information.](http://httpd.apache.org/docs/current/mod/mod_authz_core.html#require) – Gene Oct 02 '14 at 20:37
  • You mean that I should / can remove the "Location" structure? Or do you mean that the Require statement within the Directory structure is useless? – tmighty Oct 02 '14 at 20:39
  • 1
    If that's the only thing you're setting in the Location directive then it can be removed entirely. You need to set 'Require' in the 'Directory' settings. – Gene Oct 02 '14 at 20:40