From: Israel Brewster
Date: Mon, 19 Mar 2007 12:25:05 -0800
To: users@httpd.apache.org
Subject: Re: [users@httpd] Restrict access to folders

On Mar 19, 2007, at 11:43 AM, Zembower, Kevin wrote:

> Maybe I'm missing something here, but …
>
> If neither PersonalSite nor ProfessionalSite contain any links to the other, and if they both contain an ‘index.html’ file to suppress automatic index generation, then users won’t be able to browse from one site to the other.
>
> Am I missing something?
>
> -Kevin

If I read the question right, what you are missing is what happens if someone currently at www.myDomainName.com/PersonalSite decides to delete the /PersonalSite part of the URL, leaving them at www.myDomainName.com/. At that point (given no index.html file at root level and indexing enabled) they would be able to see both the PersonalSite and the ProfessionalSite directories, and navigate to either one. This also assumes that the physical directory structure of the site is set up with a root level folder containing both the PersonalSite folder and ProfessionalSite folder. As this is a lot of assumptions, I suspect that one or more would not hold up for any given site (for example, I would think most sites would have an index.html at root), and as such, there may not be an issue. However, if I am wrong, and assuming my understanding of the issue is correct, then I see a number of possibilities to restrict this behavior:

1) Place an index.html file at the root level of the server that does not contain links to ProfessionalSite and/or PersonalSite

2) Restrict access to the root level entirely using a Deny from ALL directive, which is then over-ridden in your ProfessionalSite and PersonalSite directories using an Allow from ALL directive (I think that would work)

3) Place your PersonalSite and ProfessionalSite directories outside of the webserver root directory, and use Alias directives to point /PersonalSite and /ProfessionalSite to them. That way even if you can list the root level directory, neither site will show up

Those, at least, are what I can think of off the top of my head. There may be other/better options, depending on your site layout, requirements, and other stuff about Apache I don't know.

-----------------------------------------------
Israel Brewster
Computer Support Technician
Frontier Flying Service Inc.
5245 Airport Industrial Rd
Fairbanks, AK 99709
(907) 450-7250 x293
-----------------------------------------------

> From: nat.colley@yahoo.com [mailto:nat.colley@yahoo.com]
> Sent: Monday, March 19, 2007 1:55 PM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Restrict access to folders
>
> Hey Bruce, I'm a newbie and I'm interested in this question, too, so thanks for asking.
>
> ----- Original Message ----
> From: Bruce Hyatt
> To: users@httpd.apache.org
> Sent: Monday, March 19, 2007 12:42:37 PM
> Subject: [users@httpd] Restrict access to folders
>
> Sorry, this is probably a tired newbie question. I've read the httpd.conf file and browsed the archives but haven't found what I'm looking for. If you could just point me in the right direction I'd be really happy.
>
> I want to set up something similar to virtual hosts but I only have one domain name.
>
> What I have in mind and I believe I've seen before is:
>
> www.myDomainName.com/PersonalSite
> www.myDomainName.com/ProfessionalSite
>
> set up so that people can't navigate up to the root, see the other site and navigate to it. I don't want to have to restrict the individual sites to password access.
>
> TIA,
> Bruce
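
Options 2 and 3 from the reply above, written out as an added httpd.conf sketch that is not part of the original message. The filesystem paths (/var/www/html, /srv/sites) are assumptions, and the access-control syntax is the Apache 2.2-era Order/Deny/Allow form that the thread's directives belong to.

```apache
# Added example: paths are assumptions, not taken from the thread.
# Apache 2.2-style access control, matching the directives named above.
# On Apache 2.4 use "Require all denied" / "Require all granted" instead.

DocumentRoot "/var/www/html"

# Weak setting the reply describes: autoindex enabled and no index.html at
# the root, so a request for / lists PersonalSite/ and ProfessionalSite/.
#<Directory "/var/www/html">
#    Options Indexes
#    Order allow,deny
#    Allow from all
#</Directory>

# Option 2: deny the root and switch off generated listings ...
<Directory "/var/www/html">
    Options -Indexes
    Order deny,allow
    Deny from all
</Directory>

# ... then re-allow each site. The longer <Directory> path is merged last,
# so it overrides the root-level Deny.
<Directory "/var/www/html/PersonalSite">
    Order allow,deny
    Allow from all
</Directory>
<Directory "/var/www/html/ProfessionalSite">
    Order allow,deny
    Allow from all
</Directory>

# Option 3 (use instead of the two site blocks above): keep both sites
# outside DocumentRoot so a listing of the root can never contain them.
#Alias /PersonalSite "/srv/sites/PersonalSite"
#Alias /ProfessionalSite "/srv/sites/ProfessionalSite"
#<Directory "/srv/sites">
#    Options -Indexes
#    Order allow,deny
#    Allow from all
#</Directory>
```

With option 2 active, a request for / returns 403 while /PersonalSite/ is still served. Neither option hides a site from a visitor who already knows or guesses its path.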