Location has higher precedence than Directory. It's merged after, not before.
On Tue, Sep 24, 2013 at 6:05 AM, King Holger (CI/AFP2) <[email protected]> wrote: > Dear Apache community, > > we just wonder why when using the following configuration: > > # allow using the "/" directory of this virtual host by all > <Location /> > Require all granted > </Location> > > Alias /fslogs /opt/wcms/fs4/log > <Directory /opt/wcms/fs4/log> > IndexIgnore .. fs4.pid fs-wrapper.log fs-gc.log > IndexOptions +FancyIndexing > Options +Indexes > > AuthType Basic > AuthName "Restricted access" > AuthBasicProvider file > AuthUserFile /tmp/passwd > Require valid-user > </Directory> > > the default handling of overwriting access directives in sub contexts does > not work properly (AuthMerging off). Might it be due to the two directives > "Location" and "Directory"? We expected that for "/opt/wcms/fs4/log" just > authenticated and valid users should have access. So, access should be > limited. Instead we see that everybody can browse the directory. > > Kind regards, > Holger King > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > -- Eric Covener [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
