httpd-users mailing list archives

From "Koen Vingerhoets" <koen.vingerho...@ubench.com>
Subject RE: [users@httpd] securing a file -one by one the penguins take my sanity away
Date Thu, 29 Aug 2002 08:23:07 GMT
Hi,

no access indeed... because of the Deny from all in the <Directory "c:/ibm
http server/htdocs">
I don't even know how you can get there... NO FILE from us is in there, only
standard junk, no virtual host points to it.  And yet that's what you open
when you reach our Apache.

I cleaned out all the VH's, only the IP one remains.
No effect

*cries*

Um I'm going to file IBM a bug report again... WebSphere users group
answered with 30 out of office replies :(

Thanks for the help.

Koen

-----Original Message-----
From: Boyle Owen [mailto:Owen.Boyle@swx.com]
Sent: 28 August 2002 13:03
To: koen.vingerhoets@ubench.com
Subject: RE: [users@httpd] securing a file -one by one the penguins take
my sanity away


When I try to access http://212.123.31.37/ I get denied so I think your Deny
is working..

I don't think there is anything wrong with the server - it is still your
config which is wrong. I think you are getting into the directory via the
other VH: Take a look at your VHs:

<VirtualHost 212.123.31.37>
ServerName ubtest01
DocumentRoot d:/WebAppWas
ServerPath d:/WebAppWas

<Directory "d:/WebAppWas/Ubclaims/web/jsp/admin">
	AllowOverride AuthConfig
</Directory>

</VirtualHost>

<VirtualHost www.ubcar.com>
ServerName ubtest01
DocumentRoot d:/WebAppWas
ServerPath d:/WebAppWas
</VirtualHost>

<VirtualHost localhost>
ServerName ubtest01
DocumentRoot d:/WebAppWas
ServerPath d:/WebAppWas
</VirtualHost>


These are a bit of a mess, I'm afraid. You should only use IP addresses in
<VirtualHost> tags for clarity. For example, does www.ubcar.com ->
212.123.31.37? If so, how do you expect to distinguish these VHs? Are you
trying to do name-based VHing? If so, where is your NameVirtualHost
directive?

Anyway, why have you three VHs all pointing to the same DocumentRoot?

Think very carefully what you are trying to achieve, reduce the number of
VHs to the minimum consistent with this and try again - I can't just tell
you what to do because I don't understand the totality of what you are
trying to do..

Rgds,

Owen Boyle


>-----Original Message-----
>From: Koen Vingerhoets [mailto:koen.vingerhoets@ubench.com]
>Sent: Mittwoch, 28. August 2002 12:43
>To: Boyle Owen
>Subject: RE: [users@httpd] securing a file -one by one the
>penguins take
>my sanity away
>
>
>Hi,
>
>I'll answer the comments first :)
>
>Note: I DO use WebSphere Administration Server to run the
>site, it sits on
>top of IBM HTTP Server (Apache).
>
>1) The rewrite rule:
>I didn't define one... and I didn't make a typo either, it's
>the URL copy
>pasted and the path copy pasted, I just double-checked.  I know
>it's weird,
>to say the least... when an error occurs, it also shows
>//jsp/... , as if
>the web exists but disappears in thin air.
>
>2) slashes
>all changed...
>no effect
>
>3) virtual host
>added <dir> in virtual host...
>no effect
>I want to see whether I can just reach the directory where the
>files are
>in... now everyone can walk in and out of the reset.jsp :s
>
>4) allowoverride
>I don't use it for the moment, but I changed it to AuthConfig
>no effect..
>
>I guess it's time to file a second bug report to IBM
>(remember the first one?? gz files opening in htdocs dir but NOT under
>WebSphere)
>
>tip: fire the first person in your company that uses the word
>WebSphere,
>saves you a lot of time
>
>Thanks for all the help!
>
>Koen
>
>
>
>-----Original Message-----
>From: Boyle Owen [mailto:Owen.Boyle@swx.com]
>Sent: 28 August 2002 11:30
>To: users@httpd.apache.org; koen.vingerhoets@ubench.com
>Subject: RE: [users@httpd] securing a file -one by one the
>penguins take
>my sanity away
>
>
>See comments,
>
>Rgds,
>Owen Boyle
>
>>-----Original Message-----
>>From: Koen Vingerhoets [mailto:koen.vingerhoets@ubench.com]
>>
>>I want to secure this file:
>>http://212.123.31.37/ubclaims/jsp/admin/reset.jsp
>>
>>It's located in this directory:
>>d:\WebAppWas\ubclaims\web\jsp\admin\reset.jsp
>
>Unless you have some funny rewrite rule this won't work. Your
>filesystem
>doesn't map onto your URL-space correctly. How it works is that:
>
>http://server-name/dir1/dir2/file1 --> "DocumentRoot"/dir1/dir2/file1
>
>So your URL will map to "DocumentRoot"/ubclaims/jsp/admin/reset.jsp.
>However, you can see that this is not a valid path on your
>filesystem since
>you have an extra directory in the way ("web"). If we assume your
>DocumentRoot = "d:\WebAppWas" then the URL should be
>http://212.123.31.37/ubclaims/web/jsp/admin/reset.jsp. Maybe you made a
>typo...
>
>
>>Even if I deny access to d:\WebAppWas (where ALL our files
>>are), I still can
>>walk in in the application...
>>
>>Since this could take like forever over mail (or at least
>>until Doomsday), I
>>just attached the httpd.conf file.
>
>I don't normally do this (pore over peoples' config files...)
>but I liked
>your joke about smacking the Belgian hacker yesterday :-) So
>I'd make the
>following comments:
>
>- As Joshua says, fix the backslash/forward slash mix. Use
>only unix-like
>forward-slashes (i.e. "/") in pathnames. It actually says this in the
>comments in httpd.conf...
>
>- 	<Directory "d:/WebAppWas/Ubclaims/web/jsp/admin">
>		Deny from all
>	</Directory>
>
>has to go inside the VH that it applies to - currently you
>have it in the
>main config where it is ignored because this directory isn't
>under the main
>config DocumentRoot. However, all it will do is deny access to this
>directory - which is not what you ultimately want.
>
>- MAIN PROBLEM
>
>You have "AllowOverride None" in the main config which
>disables reading of
>.htaccess files. This is OK but you have to switch it back on
>again with
>"AllowOverride AuthConfig" in the directory container above.
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
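
The advice in the replies above, consolidated into a single configuration. This is an added example, not part of the original messages or of the poster's httpd.conf: the AuthName text and the AuthUserFile path are hypothetical, and the access syntax is the Apache 1.3/2.0-era form used in the thread.

```apache
# Added example. One IP-based virtual host replaces the three containers
# (IP, www.ubcar.com, localhost) that all pointed at the same DocumentRoot.
# Forward slashes only in every path.

<VirtualHost 212.123.31.37>
    ServerName ubtest01
    DocumentRoot "d:/WebAppWas"
    # ServerPath is left out: it sets a legacy URL path for name-based
    # hosts and is not a filesystem path.

    # Default for the whole tree: .htaccess files are not read.
    <Directory "d:/WebAppWas">
        AllowOverride None
    </Directory>

    # The admin directory is configured inside the virtual host whose
    # DocumentRoot contains it, not in the main server config.
    <Directory "d:/WebAppWas/Ubclaims/web/jsp/admin">
        # Re-enable .htaccess for authentication directives only.
        AllowOverride AuthConfig

        # Password protection stated directly in the container. The same
        # four lines could instead live in an .htaccess file in this
        # directory, which "AllowOverride AuthConfig" permits.
        AuthType Basic
        AuthName "Ubclaims admin (hypothetical realm name)"
        # Hypothetical path; keep the password file outside DocumentRoot.
        AuthUserFile "d:/path/outside/docroot/admin.htpasswd"
        Require valid-user

        # To block the directory outright instead (the thread's
        # "Deny from all"), replace the four lines above with:
        #   Order deny,allow
        #   Deny from all
        # Apache 2.4 writes this as: Require all denied
    </Directory>
</VirtualHost>
```

A `<Directory>` container is matched against the filesystem path a request resolves to, so it only covers reset.jsp when the requested URL maps to a file under `d:/WebAppWas/Ubclaims/web/jsp/admin`, following the URL-to-DocumentRoot mapping described in the quoted reply.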

