On 13 Mar 10:31, Chris G wrote:
I'm trying to prevent outside access to a sub-directory of a directory which *does* allow outside access.
In my httpd.conf file I have:-
# # # Allow access to /var/www/html from LAN and work or with # password from elsewhere # <Directory /var/www/html> Order Deny,Allow Deny from all Allow from 192.168.1 193.128.168.194 84.45.228.40 Satisfy Any AuthType Basic AuthName "ISBD Home Server" AuthUserFile /etc/httpd/conf/passwd Require valid-user </Directory> # # # Deny access to xyz from anywhere except home systems # <Directory /var/www/html/info/xyz> Order Deny,Allow Deny from all Allow from 192.168.1 </Directory> # # # Allow access to /var/www/html/public from anywhere # <Directory /var/www/html/public> Order Deny,Allow Allow from All </Directory>What's happening is that when I try to access /var/www/html/info/xyz from outside the home LAN it's not denying access, it's asking for a username and password. I.e. the "Satisfy Any" section of the /var/www/html Directory is being acted on. How do I prevent this and totally deny access from outside to /var/www/html/info/xyz?
Taking a wild stab in the dark: * You have an ADSL/Cable Router * You map ports on an external IP through to ports on the internal LAN * Your apache log always logs external access as coming from the internal IP of the router
If that's the case, then you'll need to not allow from the routers IP.
Cheers,