httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd] Re: Directory Listing: Ignoring all but one file/pattern - is that possible?
Date Mon, 05 Jan 2004 17:13:13 GMT
> -----Original Message-----
> From: Robert Andersson [mailto:robert@profundis.nu]
> 
> > Conversely, if you Deny access to a file but do not IndexIgnore it,
> > it will appear in the listing but cannot be requested - you 
> get a 403.
> 
> At least in Apache 2.0 (as Rich confirmed) there is this 
> piece of code in
> the function make_autoindex_entry() in mod_autoindex.c:

I tested 1.3 but, checking back, the original poster is using 2.0. It
seems there is significantly different behaviour between 1.3 and 2.0 on
this point. Personally, I'm not sure I like this - it's a bit too
clever... What happens if you *want* to list the files publically but
also want to control access? I'd rather have to think a bit but have
complete freedom than not have to think and have things decided for me.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> 
>     if (ignore_entry(d, ap_make_full_path(r->pool,
>                                           r->filename, 
> dirent->name))) {
>         return (NULL);
>     }
> 
>     if (!(rr = ap_sub_req_lookup_dirent(dirent,
>                                         r, AP_SUBREQ_NO_ARGS, 
> NULL))) {
>         return (NULL);
>     }
> 
> I assume that the last conditional will evaluate to false 
> (and thus not list
> the entry) if access is denied to the file. I know this to be 
> true if the
> file cannot be found (404), as I investigated a bug in that 
> area a while
> ago.
> 
> If I am not mistaking then, you should be able to control 
> both access as
> well as the listing by any means available to that end.
> 
> Another way might be to match (with mod_rewrite or 
> RedirectMatch) access to
> the directory without a query string and redirect or rewrite to
> "/?P=<pattern>", which seems possible according to
> http://httpd.apache.org/docs-2.0/mod/mod_autoindex.html (it would, of
> course, not truely hide any files).
> 
> Regards,
> Robert Andersson
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message