httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brent Herring" <>
Subject Re: [users@httpd] Restricted directories
Date Mon, 21 Nov 2005 23:20:17 GMT

>>> 11/14/2005 6:52:00 PM >>>
On 11/14/05, Brent Herring <> wrote:
>> I'm having a problem with Apache directory restrictions that I have 
>> not found this same issue in the FAQ or archives. I get the feeling 
>> that the problem may be my lack of understanding of some 
>> fundamental function of the server.
> > I have a certain directory to which access is restricted by IP subnet. 
>> For example, only clients from 192.168.66.* can access the files in 
>> the restricted directory. This actually works fine when clients attempt 
>> to directly access the directory. If they are not in the proper IP subnet 
>> then access is denied.
>> The problem is this: Many pages on the web site are accessed by a Perl 
>> script. The script writes out the page template that is the same for all the 
>> pages on the site, and then reads in the data for each individual page 
>> from individual html files on the server. If you attempt to access a file in 
>> the restricted directory using the script the web server directory restrictions 
>> are ignored and the file is displayed.
>> Is this what is supposed to happen? Since this isn't what I would like to 
>> happen, can it be overcome?

> You haven't given details on how the script is accessed or configured, 
> nor have you given useful things like log messages.  But in general, it 
> is safest to assure that *both* the script *and* the pages that it 
> accesses are restricted using Allow/Deny directives.  If you need more 
> help, be more specific about what you are doing by giving us concrete 
> examples.
> Joshua.

The script is accessed by a URL link such as this...

The script reads in the file like this...

open(inputfile, "<",$htmldir . $datafile);
@data = <inputfile>;
foreach $line (@data)
	print $line;

There are no errors in the log because no error occurs. There is no configuration within the
script. It is of the simplest form. It merely reads a file and writes text to the output.

The directory is restricted with the following Apache configuration entry

<Directory /srv/www/htdocs/restricted>
Order Deny,Allow
Deny from all
Allow from 161.31.66


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message