Requerir directiva en .htaccess evita que se muestren directorios

I have the following directory hierarchy

-root_folder
   .htaccess
   -sub_folder
       .htaccess

The content of the .htaccess file in sub_folder:

AuthType Basic
AuthName "webdav"
AuthUserFile /var/www/test/passwd.dav
Require user test

root_folder contiene lo siguiente .htaccess

Satisfy any
Order deny,allow
Deny from all
Allow from env=ALLOWED
SetEnvIfNoCase Request_URI "^/+webdav/root_folder/?$" ALLOWED

Note, please, that i am using WebDav.

It is set up in /etc/apache2/conf.d/webdav. The file contains the following:

Alias /webdav /home/user/projects/test/public
<Location /webdav/>
    Order Allow,Deny
    Allow from #list of ips here
    DAV On
    PassengerEnabled off
    LimitXMLRequestBody 0
    Options Indexes FollowSymLinks
</Location>

The problem is that when i try to access localhost/webdav/root_folder/ folder using browser the sub_folder is not displayed. But when i remove the Require user some_user directive the sub_folder is shown in the list. If i try to enter localhost/webdav/root_folder/sub_folder/ cuando Require user directive is enabled i'm asked to enter login and password and everything is ok if i enter correct credentials.

Is it possible to list everything within directory and at the same time use require user directives in .htaccess files inside sub_folders to control access to them?

preguntado el 22 de mayo de 12 a las 18:05

1 Respuestas

In your root_folder (I believe that is your $DOCUMENT_ROOT) create .htaccess file with following content:

SetEnvIfNoCase Request_URI "^/*$" ALLOWED

Satisfy        any
Order          deny,allow
Deny from      all
Allow from     env=ALLOWED

If root_folder is not $DOCUMENT_ROOT then use:

SetEnvIfNoCase Request_URI "^/+root_folder/?$" ALLOWED

como la primera línea.

contestado el 22 de mayo de 12 a las 23:05

Thanks for your reply. Well, now the sub_folder is shown, but when i hit it i am not asked to enter my login and password. And my goal is to control access to different directories without hiding them. - romano

In my setup it does ask for login/password when I click on sub_folder from the list. Can you please post your both .htaccess from root_folder and sub_folder. - anubhava

On my Apache installation I have tried everything but it always lists sub_folder from root_folder and asks login/password when I click on sub_folder. Only thing that I don't have is mod_dev loaded and DAV on. I will try that as well in a while and let you know. - anubhava

Creo que el Satisfy any directive breaks the scheme in my case because i have Allow from #long list of ips in webdav config file inside /etc/apache2/conf.d. This ip-list contains 127.0.0.1 so if i try to access some sub_folder Apache's config parser finds this directive and allows access to this sub_folder. In fact it will allow access if ANY condition within Allow directive is satisfied. Using Satisfy all still prevents directories from being shown. If i use Satisfy any y quitar Allow from #ip-list del webdav file everything works as you described. - romano

Oh I see I was suspecting DAV stuff. But great to know that you've found the root cause. I suspect if you access your web server form an IP that is not in allowed list of webdav it will behave exactly as I described. - anubhava

No es la respuesta que estás buscando? Examinar otras preguntas etiquetadas or haz tu propia pregunta.