httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Watts ...@dionic.net>
Subject [users@httpd] Combining deny and allow conditions
Date Tue, 01 Jun 2010 10:47:51 GMT
Hi,

Could do with some guru guidance :)

I'd like to only allow certain file extensions to be served without 
messing up my other host based allow/deny rules.

Right now I have this in my config:

(included into both :80 and :443 virtualhost sections)

# We will explicitly allow only certain file types being served

...
<FilesMatch "^.*$">
	Deny from all
</FilesMatch>

<FilesMatch "^([^\.]+\.(html|css|js|crt|jpg|png|php|cgi))?$">
Include /etc/apache2/sites-available/common/allowfromhosts
	Deny from all
</FilesMatch>
...
<Directory />
	Order Allow,Deny
         Deny from all
         AllowOverride None
</Directory>

...
<Directory /vol/www/html>
Include /etc/apache2/sites-available/common/allowfromhosts
	Deny from All
         AllowOverride None
...
</Directory>
#########

And common/allowfromhosts contains:

Allow from 10.0.0.0/16 128.30.52.0/24
################

That works, but seems a little inelegant having to relegate the "allow 
from IP" to an include file.

I could do it better if there was a "FilesNotMatch" directive or equivalent.

The actual logic I want is:

1) Unless the URL ends "/" OR "/*.ext" where ext is one of html, css, js 
etc, THEN categorically DENY access at all times IRRESPECTIVE of any 
other rules.

2) If that passes, then respect further allow/deny rules, eg the "allow 
from 10.0.0.0/16 128.30.52.0/24" BUT DENY from everyone else

Is there a better way?

Many thanks in advance :)

Cheers

Tim

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message