[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-users] RAQ 4i problem implementing POST limit in .htaccess
- Subject: [cobalt-users] RAQ 4i problem implementing POST limit in .htaccess
- From: Nell Bolen <nell@xxxxxxxxxxxxxx>
- Date: Sun Dec 9 16:02:01 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Dear List,
Trouble with implementing the POST limit in .htaccess on RAQ 4i. Have
read the archives about .htaccess problems, but have
found nothing appliable to this situation. Here's an example .htaccess
file for a message board directory:
AuthPAM_Enabled off
AuthGroupFile /dev/null
AuthName "ForumName"
AuthType Basic
<Limit POST>
order allow,deny
allow from all
deny from whatever.com whichever.net 123.456.789.222 123.456.789
</Limit>
Using this file does nothing to prevent posting for the .htaccess file's
named domains/IPs. However, the limit function "get" works as
it should. Using myself as a blocked domain in the .htaccess file, I
cannot view a page when the GET limit is used, but can post when the
POST limit is used.
Have checked server access.conf for something like "AllowOverride None,"
but defaults are set like this:
************************************************************************************************************************
<Directory/>
Options None
AllowOverride AuthConfig Indexes Limit
AuthFailDelay 2000000
</Directory>
************************************************************************************************************************
and from what I could find out, the bare listing of a term like
"AllowOverride" by itself in a line means it is enabled. Is
that correct, please? If that is so, "limit" seems to be enabled, too,
at this level.
The <Directory /home/sites/> line looks like this:
************************************************************************************************************************
<Directory /home/sites/>
# This may also be "None", "All", or any combination of "Indexes",
# "Includes", "FollowSymLinks", "ExecCGI", or "MultiViews".
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
Options Indexes FollowSymLinks Includes MultiViews
# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options",
"FileInfo",
# "AuthConfig", and "Limit"
AllowOverride AuthConfig Indexes Limit
# ignore .ht*
<Files ".ht*">
deny from all
</Files>
# Controls who can get stuff from this server.
order allow,deny
allow from all
AuthFailDelay 2000000
# Frontpage subwebs use a nice mix of pam and Basic authentication
AuthPAM_FallThrough on
</Directory>
************************************************************************************************************************
Am not certain of the meaning of the "files" instructions in this one,
but otherwise, I see nothing to prevent the Limit
function from working as it should.
The last part of access.conf I want to share is <Directory
/home/sites/*/>, which says:
************************************************************************************************************************
# be more restrictive within a site
<Directory /home/sites/*/>
Options -FollowSymLinks +SymLinksIfOwnerMatch
</Directory>
************************************************************************************************************************
Should I try changing this one? Or are Limit, AllowOverride, etc.
enabled at this level because of uproot directives? I see
the instructions taking away from the FollowSymLinks, but not from
Limit, etc.
Would appreciate any pointers. Have used this system on other
Linux/Apache servers, and it worked just fine, so am thinking
the problem is in the access.conf part of the setup. Thank you very much
for any suggestions.
Regards, Nell Bolen
nell@xxxxxxxxxxxxxx