On May 6, 2010, at 3:34 PM, Evgeny Morozov wrote:
> I think I misunderstanding something. Here is my config:
You don't have "CosignProtected On" for /private.php. The Location containers
don't inherit the settings from your Directory container. See also:
<Location> Directive
http://httpd.apache.org/docs/2.1/mod/core.html#location
"<Location>directives should not be used to control access to filesystem
locations. Since several different URLs may map to the same filesystem
location, such access controls may by circumvented."
and
What to use When
http://httpd.apache.org/docs/2.1/sections.html
"It is important to never use <Location> when trying to restrict access to
objects in the filesystem."
andrew
> <Directory "/var/www/phpbb/htdocs">
> Options Indexes FollowSymLinks
> AllowOverride none
> Order Allow,Deny
> Allow from all
> CosignProtected On
> CosignService phpbb
>
> </Directory>
>
> <Location /public.php>
> CosignAllowPublicAccess On
> </Location>
>
> <Location /private.php>
> CosignAllowPublicAccess Off
> </Location>
>
> I can access "private.php" even I'm not logged in into cosign (but
> index.php for example redirects me to cosign login page). And
> $_SERVER[REMOTE_USER] is not set for both "public.php" and "private.php".
>
>
>
> --
> Regards,
> Evgeny Morozov
>
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Cosign-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/cosign-discuss
>
> !DSPAM:4be319eb132217959445649!
>
>
>
------------------------------------------------------------------------------
_______________________________________________
Cosign-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
