httpd-users mailing list archives

From Israel Brewster <isr...@frontierflying.com>
Subject Re: [users@httpd] Restrict access to folders
Date Mon, 19 Mar 2007 20:25:05 GMT
On Mar 19, 2007, at 11:43 AM, Zembower, Kevin wrote:

> Maybe I'm missing something here, but …
>
> If neither PersonalSite nor ProfessionalSite contain any links to
> the other, and if they both contain an ‘index.html’ file to
> suppress automatic index generation, then users won’t be able to
> browse from one site to the other.
>
> Am I missing something?
>
> -Kevin
If I read the question right, what you are missing is what happens if  
someone currently at www.myDomainName.com/PersonalSite decides to  
delete the /PersonalSite part of the URL, leaving them at  
www.myDomainName.com/ At that point (given no index.html file at root  
level and indexing enabled) they would be able to see both the  
PersonalSite and the ProfessionalSite directories, and navigate to  
either one. This also assumes that the physical directory structure  
of the site is set up with a root level folder containing both the  
PersonalSite folder and ProfessionalSite folder. As this is a lot of  
assumptions, I suspect that one or more would not hold up for any  
given site (for example, I would think most sites would have an  
index.html at root), and as such, there may not be an issue.   
However, if I am wrong, and assuming my understanding of the issue is  
correct, then I see a number of possibilities to restrict this behavior:

1) Place an index.html file at the root level of the server that does  
not contain links to ProfessionalSite and/or PersonalSite

2) Restrict access to the root level entirely using a Deny from ALL
directive, which is then overridden in your ProfessionalSite and
PersonalSite directories using an Allow from ALL directive (I think
that would work)

3) Place your PersonalSite and ProfessionalSite directories outside of
the webserver root directory, and use Alias directives to point
/PersonalSite and /ProfessionalSite to them. That way even if you can
list the root level directory, neither site will show up

Those, at least, are what I can think of off the top of my head.  
There may be other/better options, depending on your site layout,  
requirements, and other stuff about Apache I don't know.
-----------------------------------------------

Israel Brewster
Computer Support Technician
Frontier Flying Service Inc.
5245 Airport Industrial Rd
Fairbanks, AK 99709
(907) 450-7250 x293
-----------------------------------------------
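
A configuration sketch combining options 2 and 3 from the message above, added here as an illustration and not part of the original post. The filesystem paths are assumptions, and `Options -Indexes` is an extra setting, not one the message names, that turns off the automatic listing the thread is concerned with.

```apache
# Added example; all paths are assumed, not taken from the thread.
# Access directives use the Order/Deny/Allow form the message refers to
# (Apache 2.0/2.2). On Apache 2.4 the equivalents are
# "Require all denied" and "Require all granted".

DocumentRoot "/var/www/html"

# Option 2: nothing at the root level is served, so a visitor who trims
# the URL back to "/" receives 403 instead of a directory listing.
<Directory "/var/www/html">
    Options -Indexes
    Order deny,allow
    Deny from all
</Directory>

# Option 3: both sites live outside DocumentRoot and are mapped in by URL,
# so they would not appear in a listing of the root even if one were shown.
Alias /PersonalSite     "/srv/sites/PersonalSite"
Alias /ProfessionalSite "/srv/sites/ProfessionalSite"

# Each site is opened explicitly; no password is required.
<Directory "/srv/sites/PersonalSite">
    Options -Indexes
    Order allow,deny
    Allow from all
</Directory>

<Directory "/srv/sites/ProfessionalSite">
    Options -Indexes
    Order allow,deny
    Allow from all
</Directory>
```

After `apachectl configtest` and a reload, a request for `/` should return 403 while `/PersonalSite/` and `/ProfessionalSite/` return their own index pages, assuming each site has an index.html.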
> From: nat.colley@yahoo.com [mailto:nat.colley@yahoo.com]
> Sent: Monday, March 19, 2007 1:55 PM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Restrict access to folders
>
>
>
> Hey Bruce, I'm a newbie and I'm interested in this question, too,  
> so thanks for asking.
>
> ----- Original Message ----
> From: Bruce Hyatt <bjhyatt@myway.com>
> To: users@httpd.apache.org
> Sent: Monday, March 19, 2007 12:42:37 PM
> Subject: [users@httpd] Restrict access to folders
>
> Sorry, this is probably a tired newbie question. I've read the  
> httpd.conf file and browsed the archives but haven't found what I'm  
> looking for. If you could just point me in the right direction I'd  
> be really happy.
>
> I want to set up something similar to virtual hosts but I only have  
> one domain name.
>
> What I have in mind and I believe I've seen before is:
>
> www.myDomainName.com/PersonalSite
> www.myDomainName.com/ProfessionalSite
>
> set up so that people can't navigate up to the root, see the other  
> site and navigate to it. I don't want to have to restrict the  
> individual sites to password access.
>
> TIA,
> Bruce
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server  
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org