Re: [WEB SECURITY] apache issue

["Jay D. Dyson" <jdyson@xxxxxxxxxxxxx>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 7 Jun 2005, Anita Salerno wrote:

> the problem is that none of the security measures work, I'm
> bypassing all of them (.htaccess and ip list specification).
> When I'm desprate, I've configured the access file as follow:
> Order Deny,Allow
> Deny from all
>
> and I still have access to the web site.
>
> Any idea ?

	First off, the contents of your .htaccess file should be something 
like this:

<Limit GET>
  order deny,allow
  deny from all
</Limit>

	Secondly, did you configure the "AllowOverride" directive in your 
httpd.conf Directory sections?  If not, that would explain why .htaccess 
is not doing the trick.

	Check the contents of those two files and you'll likely find the 
answer on why what you're doing isn't working.

- -Jay

   (    (                                                      _______
   ))   ))  .-"There's always time for a good cup of coffee"-.  >====<--.
 C|~~|C|~~| \----- Jay D. Dyson -- jdyson@xxxxxxxxxxxxx -----/ |    = |-'
  `--' `--'  `-- Pardon me, but am I on the right planet? --'  `------'

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (TreacherOS)
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iD8DBQFCpclnxzN3WIW0edsRAgKZAKCwrIZVBHEEay8/XX8YZb3h3mQiZACfeel5
4uDgNfwaSQ55HBr+sQXzQUA=
=s7/E
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/