httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Prud'hommeaux" <e...@w3.org>
Subject mod_dir mods for file-level access control
Date Thu, 12 Nov 1998 03:17:15 GMT
After underwhelming response from my last file-level access mods (see
Subject: mods for practical negotiation with file level access control
Date: Tue, 10 Nov 1998 11:35:42 -0500 (EST)),
I'm back with more diffs to furthur my single-interest agenda:

mod_dir takes a list of index files (like Overview,index) and serves them
when the client requests a uri ending in '/'. It calls
ap_sub_req_lookup_uri on each potential index file to find out whether it
exists and whether it is servable. It assumes that any non-OK status
indicates that the directory itself does not exist:

  if (rr->status && rr->status != HTTP_NOT_FOUND && rr->status !=
HTTP_OK)
      error_notfound = rr->status;

and returns this error_notfound at the end if it hasn't found another
index file that it can serve. This prevents mod_autoindex from serving the
directory listing if any index file requires auth.

I'm creating a system where users may allow any file to be visible. I have
sepparate rules for http://host/dir/ and http://host/dir/Overview.html. I
want to serve `ls /dir/*` if /dir/ is OK and /dir/Overview.html is
AUTH_REQUIRED. This may represent suficient abberation from "normal and
expected" behavior in the great webmaster collective unconscious that a
conf directive would be in order.

-eric

Mime
View raw message