StealthEye,

Welcome to WebmasterWorld [webmasterworld.com]!

See the Satisfy any directive in Apache [httpd.apache.org] core. Combined with Require (also core), Allow from, and Deny from in mod_access, it will do what you want.

Jim

Thanks for the reply! I've got this to work now.. Great :D

Another question: Is it possible to disallow directory listings per user? I know you can do it for all by useing "Options -indexes" but I want do that for one user only.. Is it possible? Something like useing <limit> or something? :)

Thanks again,
StealthEye

I don't know of any config-type settings you could use. But assuming you mean to define a user by logged-in username rather than by IP address, you could use mod_rewrite based on the server variable %{REMOTE_USER} and rewrite directory requests from this user to a different page. This could be a blank page, a unique warning page, a fake directory page, or even your custom 403-Forbidden page -- whatever you like. However, this page would be served with a response code of 200-OK rather than 403-Forbidden, which might or might not be acceptable for your purposes. You could also use mod_rewrite to simply return a 403-Forbidden response instead.

There could be some side-effects, though. If you require that a specific user be logged-in before redirecting his directory requests, then that redirection won't work if the user is not logged in. If you redirect for that specifc user, plus any blank {REMOTE_USER} value, then all non-logged-in users will be redirected, as well as your special user. So you must be careful about the "overlap" of authorization status and this redirection.

Jim

Cand seem to get the RewriteRule to match directories only.. It is working when I put some test file and make the RewriteRule to block that.. But that's not really what I want ;)

See the -d flag of RewriteCond

Jim

Thanks for all of your replies, all of them have helped me out really good :D

But the directory flag is just working partially: it will also block dirs with a index.php/.htm file in it. Which is not what I want..

Someone suggested that I might just change the default directory listing page, if possible, and then check for $REMOTE_USER with php (That shouldn't be hard for me to do) But is it possible to change the default directory listing, or, if not, create my own directory listing with PHP when there is no index file in the direcotry? I'm useing Apache 1.3, but I may want to update if I really can't do it with this version.

Thanks,
StealthEye

See the DirectoryIndex directive in Apache core.

At this time, I would advise you to stick with Apache 1.3 for use in a production environment. As someone put it yesterday, don't switch until Service Pack 1 is released...

Jim

Thank you very very much! :D

Everything is working now, I should just create the directory listing script, but it's PHP, so that will not make any problem probably.. Just one little question, which will make it that 1% nicer:
Is it possible to make the directory listing script outside of the document root? I've tested placing the absolute path there (On windows, so I also tried \\ instead of \ in the path) but it doesn't seem to work..
It isn't all that important, but it would be nice ;)

I will do some other things with my server config, but I think I can do it myself :) At least I will try to do it, and otherwise give those parts up.. Isn't really important either, but just "the 1% nicer" again ;)

Again, thanks for all the help I've got here, I hope you will continue to help like this :)

Greets, StealthEye

See the ScriptAlias directive in mod_alias. This allows your script to reside outside the site's directory structure, but within it's URL structure.

Jim