httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rodent of Unusual Size <c...@hyperreal.org>
Subject cvs commit: apache/htdocs/manual/mod mod_userdir.html
Date Wed, 02 Jul 1997 02:22:05 GMT
coar        97/07/01 19:22:05

  Modified:    htdocs/manual/misc  security_tips.html
               htdocs/manual/mod  mod_userdir.html
  Log:
  	Add documentation of new syntaxes for UserDir {disable|enable}, and
  	a nod in the security_tips for "UserDir disabled root".
  
  Revision  Changes    Path
  1.9       +6 -0      apache/htdocs/manual/misc/security_tips.html
  
  Index: security_tips.html
  ===================================================================
  RCS file: /export/home/cvs/apache/htdocs/manual/misc/security_tips.html,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -C3 -r1.8 -r1.9
  *** security_tips.html	1997/06/04 11:42:58	1.8
  --- security_tips.html	1997/07/02 02:22:03	1.9
  ***************
  *** 170,176 ****
  --- 170,182 ----
    >UserDir</A>
    directive; setting it to something like <SAMP>&quot;./&quot;</SAMP>
    would have the same effect, for root, as the first example above.
  + If you are using Apache 1.3 or above, we strongly recommend that you
  + include the following line in your server configuration files:
    </P>
  + <DL>
  +  <DD><SAMP>UserDir&nbsp;disabled&nbsp;root</SAMP>
  +  </DD>
  + </DL>
    
    <HR>
    <P>Please send any other useful security tips to The Apache Group
  
  
  
  1.8       +49 -20    apache/htdocs/manual/mod/mod_userdir.html
  
  Index: mod_userdir.html
  ===================================================================
  RCS file: /export/home/cvs/apache/htdocs/manual/mod/mod_userdir.html,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -C3 -r1.7 -r1.8
  *** mod_userdir.html	1997/06/04 16:14:24	1.7
  --- mod_userdir.html	1997/07/02 02:22:04	1.8
  ***************
  *** 33,45 ****
    <strong>Status:</strong> Base<br>
    <strong>Module:</strong> mod_userdir<br>
    <strong>Compatibility:</strong> All forms except the <code>UserDir
  ! public_html</code> form are only available in Apache 1.1 or above.<p>
    
    The UserDir directive sets the real directory in a user's home directory
    to use when a request for a document for a user is received.
  ! <em>Directory</em> is either <code>disabled</code>, to disable
this feature,
  !  or the name of a directory, following one of the following
  ! patterns. If not disabled, then a request for
    <code>http://www.foo.com/~bob/one/two.html</code> will be translated to:
    <pre>
    UserDir public_html     -> ~bob/public_html/one/two.html
  --- 33,69 ----
    <strong>Status:</strong> Base<br>
    <strong>Module:</strong> mod_userdir<br>
    <strong>Compatibility:</strong> All forms except the <code>UserDir
  ! public_html</code> form are only available in Apache 1.1 or above.  Use
  ! of the <SAMP>enabled</SAMP> keyword, or <SAMP>disabled</SAMP>
with a
  ! list of usernames, is only available in Apache 1.3 and above.<p>
    
    The UserDir directive sets the real directory in a user's home directory
    to use when a request for a document for a user is received.
  ! <em>Directory/filename</em> is one of the following:
  ! </P>
  ! <UL>
  !  <LI>The name of a directory or a pattern such as those shown below.
  !  </LI>
  !  <LI>The keyword <SAMP>disabled</SAMP>.  This turns off <EM>all</EM>
  !   username-to-directory translations except those explicitly named with
  !   the <SAMP>enabled</SAMP> keyword (see below).
  !  </LI>
  !  <LI>The keyword <SAMP>disabled</SAMP> followed by a space-delimited
  !   list of usernames.  Usernames that appear in such a list will
  !   <EM>never</EM> have directory translation performed, even if they
  !   appear in an <SAMP>enabled</SAMP> clause.
  !  </LI>
  !  <LI>The keyword <SAMP>enabled</SAMP> followed by a space-delimited
list
  !   of usernames.  These usernames will have directory translation
  !   performed even if a global disable is in effect, but not if they also
  !   appear in a <SAMP>disabled</SAMP> clause.
  !  </LI>
  ! </UL>
  ! <P>
  ! If neither the <SAMP>enabled</SAMP> nor the <SAMP>disabled</SAMP>
  ! keywords appear in the <SAMP>Userdir</SAMP> directive, the argument is
  ! treated as a filename pattern, and is used to turn the name into a
  ! directory specification.  A request for
    <code>http://www.foo.com/~bob/one/two.html</code> will be translated to:
    <pre>
    UserDir public_html     -> ~bob/public_html/one/two.html
  ***************
  *** 52,74 ****
    UserDir http://www.foo.com/*/usr   -> http://www.foo.com/bob/usr/one/two.html
    UserDir http://www.foo.com/~*/     -> http://www.foo.com/~bob/one/two.html
    </pre>
  - 
  - <P>
  - <STRONG>
  - Be careful when using this directive; for instance, <SAMP>&quot;UserDir
  - ./&quot;</SAMP> would map <SAMP>&quot;/~root&quot;</SAMP>
to
  - <SAMP>&quot;/&quot;</SAMP> - which is probably undesirable.  See also
  - the
  - <A
  -  HREF="core.html#directory"
  - >&lt;Directory&gt;</A>
  - directive and the
  - <A
  -  HREF="../misc/security_tips.html"
  - >Security Tips</A>
  - page for more information.
  - </STRONG>
    </P>
    
    <!--#include virtual="footer.html" -->
    </BODY>
  --- 76,103 ----
    UserDir http://www.foo.com/*/usr   -> http://www.foo.com/bob/usr/one/two.html
    UserDir http://www.foo.com/~*/     -> http://www.foo.com/~bob/one/two.html
    </pre>
    </P>
  + <BLOCKQUOTE>
  +  <STRONG>
  +  Be careful when using this directive; for instance,
  +  <SAMP>&quot;UserDir&nbsp;./&quot;</SAMP> would map
  +  <SAMP>&quot;/~root&quot;</SAMP> to 
  +  <SAMP>&quot;/&quot;</SAMP> - which is probably undesirable.  If you
are
  +  running Apache 1.3 or above, it is strongly recommended that your
  +  configuration include a
  +  &quot;<SAMP>UserDir&nbsp;disabled&nbsp;root</SAMP>&quot;
declaration.
  +  See also
  +  the
  +  <A
  +   HREF="core.html#directory"
  +  >&lt;Directory&gt;</A>
  +  directive and the
  +  <A
  +   HREF="../misc/security_tips.html"
  +  >Security Tips</A>
  +  page for more information.
  +  </STRONG>
  + </BLOCKQUOTE>
    
    <!--#include virtual="footer.html" -->
    </BODY>
  
  
  

Mime
View raw message