abdera-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "william kelley (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ABDERA-398) Need simple subfolder access control to allow ONLY indirect access
Date Wed, 13 Aug 2014 19:02:13 GMT

    [ https://issues.apache.org/jira/browse/ABDERA-398?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14095939#comment-14095939
] 

william kelley commented on ABDERA-398:
---------------------------------------

That is funny. Thanks for clearing that up.
Any idea why the link from the apache web server sight took me here?

> Need simple subfolder access control to allow ONLY indirect access
> ------------------------------------------------------------------
>
>                 Key: ABDERA-398
>                 URL: https://issues.apache.org/jira/browse/ABDERA-398
>             Project: Abdera
>          Issue Type: Bug
>    Affects Versions: 0.2.2, 0.3.0, 0.4.0, 1.0, 1.1, 1.1.1, 1.1.2, 1.1.3, 1.2
>            Reporter: william kelley
>
> On the web I have found literally dozens of questions on this, and not one single simple
solution, and most web solutions dont (always) work. 
> Everyone has a need to prevent access to the wrong files, and usually can stick them
in a subfolder. Often you have no control on where the subfolder can be, meaning it is indeed
a subfolder of the web site root folder.
> What everyone wants, is to say, no one can DIRECTLY access subfolder foo,
> but my files, such as <root>/index.php CAN access foo.
> The allow/deny mechanism appears to have no way to say this, which is clearly where it
should be controlled.
> It appears if the allow/deny mechanism always treats access from
> request directly to foo folder
> exactly the same as
> request to index.php which accesses subfolder foo, which is the desired working route.
> Allow from <mysite.com> does not work, I'm guessing because allow can only test
the requesting ip/hostname.
> How hard is it to have a keyword for
> Deny <direct access>?
> or
> Allow <local access>?
> or
> AllowIndirect all
> or 
> Allow allIndirect
> or
> you are clever, pick what you like and make it easy to say.
> If I am missing something simple that "fixes" this, it is not from lack of spending days,
not hours, looking for this.
> Something this basic and universal should be able to be expressed by a not very expert
at all person, in one or two lines.
> I am a programmer of some decades, and I expect this could be fixed in a day, maybe 2,
by someone familiar with internals.
> If the solution is out there, it is well hidden.
> thanks for reading.
> Replies invited.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message