[ Team LiB ] |
Recipe 6.27 Limiting Methods by UserProblemYou want to allow some users to use certain methods but prevent their use by others. For instance, you might want users in group A to be able to use both GET and POST but allow everyone else to use only GET. SolutionApply user authentication per method using the Limit directive: AuthName "Restricted Access" AuthType Basic AuthUserFile filename Order Deny,Allow Allow from all <Limit GET> Satisfy Any </Limit> <LimitExcept GET> Satisfy All Require valid-user </Limit> DiscussionIt is often desirable to give general access to one or more HTTP methods, while restricting others. For example, while you may wish any user to be able to GET certain documents, you may wish for only site administrators to POST data back to those documents. It is important to use the LimitExcept directive, rather than attempting to enumerate all possible methods, as you're likely to miss one. See Also |
[ Team LiB ] |