httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bruce Hyatt"<bjhy...@myway.com>
Subject Re: [users@httpd] Restrict access to folders SOLVED
Date Mon, 19 Mar 2007 21:55:19 GMT

Israel, that was my question exactly. I should be able to get one of these methods to work.
Thank you.

Bruce

--- On Mon 03/19, Israel Brewster < israel@frontierflying.com > wrote:

If I read the question right, what you are missing is what happens if someone currently at
www.myDomainName.com/PersonalSite decides to delete the /PersonalSite part of the URL, leaving
them at www.myDomainName.com/ At that point (given no index.html file at root level and indexing
enabled) they would be able to see both the PersonalSite and the ProfessionalSite directories,
and navigate to either one. This also assumes that the physical directory structure of the
site is set up with a root level folder containing both the PersonalSite folder and ProfessionalSite
folder. As this is a lot of assumptions, I suspect that one or more would not hold up for
any given site (for example, I would think most sites would have an index.html at root), and
as such, there may not be an issue.  However, if I am wrong, and assuming my understanding
of the issue is correct, then I see a number of possibilities to restrict this behavior:

1) Place an index.html file at the root level of the server that does not contain links to
ProfessionalSite and/or PersonalSite

2) Restrict access to the root level entirely using a Deny from ALL directive, which is then
over-ridden in your ProfesionalSite and PersonalSite directories using an Allow from ALL directive
(I think that would work)

3) Place your PersonalSite and ProfesionalSite directories outside of the webserver root directory,
and use Alias directives to point /PersonalSite and /ProfessionalSite to them. That way even
if you can list the root level directory, neither site will show up

Those, at least, are what I can think of off the top of my head. There may be other/better
options, depending on your site layout, requirements, and other stuff about Apache I don't
now.

_______________________________________________
No banners. No pop-ups. No kidding.
Make My Way  your home on the Web - http://www.myway.com



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message