The following reply was made to PR config/637; it has been noted by GNATS. From: [EMAIL PROTECTED] (Rodent of Unusual Size) To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: config/637: Date: Sun, 01 Jun 1997 00:33:54 -0400
[Response from user that didn't get logged..] Date: Fri, 30 May 1997 15:57:49 -0400 (EDT) From: Gregg TeHennepe <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: Changed information for PR config/637 On Fri, 30 May 1997 [EMAIL PROTECTED] wrote: > Synopsis: ~user requests are served regardless of server access config > > State-Changed-From-To: open-analyzed > State-Changed-By: marc > State-Changed-When: Fri May 30 12:31:50 PDT 1997 > State-Changed-Why: > Can't duplicate the problem here. Please send a copy of > your config files. You may also want to give b11 a try. Hi Marc, Erf, I've discovered my confusion. When using the directive suggested by the "Protect server files by default" section security of the Security Tips (ie without AllowOverride), I am able to override <Limit> from a ~user's .htaccess. However with AllowOverride None in the server config file, I am denied (as is mentioned in the section "Stopping user overriding system wide settins..."). My mistaken assumption was that the default for a Directory/Location directive not explicity setting Options and AllowOverride was None and None. Perhaps it would be a good idea to mention AllowOverride None in the "Protect server files..." section of the Security Tips as well. Also, some mention of the default behavior in the doc pages for the AllowOverride and Options directives would be a good thing. Apologies for the misreport... Cheers - Gregg Gregg TeHennepe | Unix Systems Administrator | The Jackson Laboratory [EMAIL PROTECTED] | http://www.jax.org/~gat | Bar Harbor, Maine USA
