httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Frederic Fery <Fred.F...@uts.edu.au>
Subject [users@httpd] block url - rewrite or proxy?
Date Fri, 13 Dec 2002 05:13:53 GMT
Hi

I am new to apache, so sorry if it's a dumb question

We are running Filemaker pro on OS X server (Jaguar) using webcompanion

Filemaker is on port 591, Apache port 80 with Web Connector to do some SSL

I have some security concerns about sharing filemaker databases with 
webcompanion. The issue is with the XML dso_xml tag (and -raw)

Anyone can type in their web browser address bar, something like:

http://yourhost:591/FMPro?-db=database.fp5&-format=-dso_xml&-findall

this will reveal all the fields from your database in their browser, not 
really good when you have confidential information...

WHAT I WOULD LIKE:
when people are typing &-format=-dso_xml&-findall they would get go 
nowhere (403.html)

What is the best way to do it: proxy, apache rewrite?
And how do you implement it?

I have tried to set up a proxy (in server settings web->sites->proxy) 
but it didn't work
also, if you could give me some apache rewrite examples for -format=-dso_xml

thanks
Frederic
-- 
Frederic Fery
Faculty Web Master

http://www.dab.uts.edu.au
http://www.nmh.uts.edu.au
http://www.hss.uts.edu.au
http://www.utsgallery.uts.edu.au
http://www.techtrain.uts.edu.au

University of Technology, Sydney.
Ph: 02 9514 89 37



UTS CRICOS Provider Code:  00099F

DISCLAIMER
========================================================================
This email message and any accompanying attachments may contain
confidential information.  If you are not the intended recipient, do not
read, use, disseminate, distribute or copy this message or attachments.
If you have received this message in error, please notify the sender
immediately and delete this message. Any views expressed in this message
are those of the individual sender, except where the sender expressly,
and with authority, states them to be the views the University of
Technology Sydney. Before opening any attachments, please check them for
viruses and defects.
========================================================================



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message