Mailing List Archive
.htaccess security
- To: TLUG Mailing List <tlug@example.com>
 - Subject: .htaccess security
 - From: Josh Glover <jmglov@example.com>
 - Date: Fri, 15 Jun 2001 06:54:02 -0400 (EDT)
 - Content-Transfer-Encoding: 8bit
 - Content-Type: text/plain; charset=ISO-8859-1
 - Reply-To: tlug@example.com
 - Resent-From: tlug@example.com
 - Resent-Message-ID: <rn9I6B.A.lbB.hkeK7@example.com>
 - Resent-Sender: tlug-request@example.com
 - User-Agent: IMP/PHP IMAP webmail program 2.2.4
 
As I was playing around with a new web app that I'm working on, I realised that I did not want web clients to be able to view my config files. This led me into some Apache security issues, which have made my web server a much safer thing.

However, I have a little problem. What I want to do in my httpd.conf is:

    <Files ~ ".+">
        Order Deny,Allow
        Deny from all
    </Files>

And then in aru .htaccess, allow only certain things:

    <Files ~ "\.(p?html|gif|jpe?g)">
        Order Deny,Allow
        Allow from all
    </Files>

OK, this works well, all except for one little thing. When requesting "[<dir>]/", Apache denies access. Damn. Apparently the <Files> directive is evaluated before the DirectoryIndex option (which is in httpd.conf).

I like my deny-by-default policy, but I want / to work properly. Does anyone know how I can make this work? I RTFM'd the Apache docs pretty well, but I may have missed something.

Onegaishimasu! ;)

---------------------------------------------------
"No segfault, no problem."
Josh Glover
jmglov@example.com
---------------------------------------------------
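The two <Files ~> sections from the message, modelled in Python as an added example (not part of the original post and not Apache's own code). It assumes a simplified "last matching section wins" merge, uses constructed file names, and treats the name "docs" as a stand-in for a directory request, which the post reports as denied. The ANCHORED variant with a trailing `$` is an addition here, included because the posted allow-list is an unanchored regex search.

```python
import re

# Sections from the post, in merge order: httpd.conf first, then .htaccess.
# Simplified model (assumption): the last matching <Files ~> section decides.
SECTIONS = [
    (r".+", "deny"),                     # httpd.conf: deny every file name
    (r"\.(p?html|gif|jpe?g)", "allow"),  # .htaccess: allow-list as posted
]

# Same allow-list with an end anchor (added here, not in the post).
ANCHORED = [SECTIONS[0], (r"\.(p?html|gif|jpe?g)$", "allow")]

# Constructed sample names; "docs" stands in for a directory request.
SAMPLES = [
    "index.html", "page.phtml", "logo.gif", "photo.jpeg",
    "app.conf", "index.html.bak", "notes.gif.txt", "docs",
]


def decide(name, sections):
    """Return 'allow' or 'deny' for one file name."""
    verdict = "allow"  # Order Deny,Allow allows when no rule matches
    for pattern, action in sections:
        # <Files ~ "..."> performs an unanchored regex search on the name
        if re.search(pattern, name):
            verdict = action
    return verdict


def audit(names, sections):
    """Map each name to its verdict under the given sections."""
    return {name: decide(name, sections) for name in names}


def leaked(names):
    """Names the posted allow-list serves but the anchored one denies."""
    posted, anchored = audit(names, SECTIONS), audit(names, ANCHORED)
    return [n for n in names
            if posted[n] == "allow" and anchored[n] == "deny"]


if __name__ == "__main__":
    for name, verdict in audit(SAMPLES, SECTIONS).items():
        print(f"{name:16} {verdict}")
    print("served only because the pattern is unanchored:", leaked(SAMPLES))
```
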