abdera-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "william kelley (JIRA)" <j...@apache.org>
Subject [jira] [Created] (ABDERA-398) Need simple subfolder access control to allow ONLY indirect access
Date Mon, 11 Aug 2014 18:18:12 GMT
william kelley created ABDERA-398:

             Summary: Need simple subfolder access control to allow ONLY indirect access
                 Key: ABDERA-398
                 URL: https://issues.apache.org/jira/browse/ABDERA-398
             Project: Abdera
          Issue Type: Bug
    Affects Versions: 1.1.2, 1.1.1, 1.1, 1.0, 0.4.0, 0.3.0, 0.2.2, 1.1.3, 1.2
            Reporter: william kelley

On the web I have found literally dozens of questions on this, and not one single simple solution,
and most web solutions dont (always) work. 

Everyone has a need to prevent access to the wrong files, and usually can stick them in a
subfolder. Often you have no control on where the subfolder can be, meaning it is indeed a
subfolder of the web site root folder.

What everyone wants, is to say, no one can DIRECTLY access subfolder foo,
but my files, such as <root>/index.php CAN access foo.

The allow/deny mechanism appears to have no way to say this, which is clearly where it should
be controlled.

It appears if the allow/deny mechanism always treats access from
request directly to foo folder
exactly the same as
request to index.php which accesses subfolder foo, which is the desired working route.

Allow from <mysite.com> does not work, I'm guessing because allow can only test the
requesting ip/hostname.

How hard is it to have a keyword for
Deny <direct access>?
Allow <local access>?
AllowIndirect all
Allow allIndirect
you are clever, pick what you like and make it easy to say.

If I am missing something simple that "fixes" this, it is not from lack of spending days,
not hours, looking for this.
Something this basic and universal should be able to be expressed by a not very expert at
all person, in one or two lines.

I am a programmer of some decades, and I expect this could be fixed in a day, maybe 2, by
someone familiar with internals.

If the solution is out there, it is well hidden.

thanks for reading.
Replies invited.

This message was sent by Atlassian JIRA

View raw message