- From: Tristan Fiedler <fiedler@cshl.edu>
- Date: Wed, 20 Dec 2006 16:01:35 -0500
- To: alex@ubudesign.com
- Cc: w3c-dist-auth@w3.org
Thank you all for the replies. Removing GET applies to the 'Require user' directive I believe. Thus removing GET leaves this method unprotected. See http://httpd.apache.org/docs/1.3/mod/core.html#limit However, changing directory permissions to 'd-wx-wx-wt' seems to do the job. On Dec 20, 2006, at 3:15 PM, Alex Jalali wrote: > I'm not that familiar with apache permissions but wouldn't removing > GET, > DELETE ect from limit do what you need? > > <Limit GET OPTIONS PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY > MOVE LOCK UNLOCK> > > >> >> I am using a DAV server for a project where authorized users will >> upload large data files to our DAV site (linux running apache). I >> have >> been able to set up the apache directives to allow users to upload >> files, but wanted to know if there is a way to allow *only* file >> uploads, and thus prevent users from reading files already present in >> the DAV directory, and also from deleting/downloading files already >> present in the DAV directory. >> >> Basically, I am attempting to create a "drop box" where users must >> login, then can upload their file but not delete or read material >> already present on the DAV folder. I currently have the httpd.conf >> file : >> >> <Location /dav_directory> >> DAV On >> AllowOverride None >> Options +Indexes >> AuthType Basic >> AuthName "authorization" >> AuthUserFile /path/to/passwd/file >> <Limit GET OPTIONS PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY >> MOVE LOCK UNLOCK> >> Require user foobar >> </Limit> >> </Location> >> >> Many thanks for any assistance! >> >> >> >
Received on Wednesday, 20 December 2006 21:08:43 UTC