My understanding was that an .htaccess file consisting of a sole
'Require all denied' line prevents any and all access to the
containing directory via Apache (provided that .htaccess access
control is enabled there, of course.)
Apparently that's not the case when a directory up the tree has
'Require all granted' under a <FilesMatch />, like:
$ cat < public/foo/.htaccess
<FilesMatch "^baz\.text$">
Require all granted
</FilesMatch>
$ cat < public/foo/bar/.htaccess
Require all denied
$ wget -SO /dev/full --
http://localhost/~ivan/foo/bar/baz1.text
...
HTTP/1.1 403 Forbidden
...
$ wget -SO /dev/full --
http://localhost/~ivan/foo/bar/baz.text
...
HTTP/1.1 404 Not Found
...
$
Any insight on how it really does work? (And if there's a
better way to disable HTTP access to a world-readable directory,
aside of denying access to it to the user Apache runs as?)
TIA.
--
FSF associate member #7257
http://am-1.org/~ivan/
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)