You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by ht...@karsites.net on 2005/12/29 16:48:15 UTC
[users@httpd] Filename Access
Hi all.
When I setup a directory to forbid access to it, and to the
files in the directory, I can still retrieve a file's
contents if I know the full file name.
Is this normal behaviour - or can I block access to these
unlisted files somehow?
Regards - Keith
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Filename Access
Posted by ht...@karsites.net.
I'm wondering if that could be the problem. Should it be
possible to stop files being served by the server with the
config I showed?
If so there must be some conflicts somewhere in my config
files.
Keith
On Thu, 29 Dec 2005, Sean Davis wrote:
> To: users@httpd.apache.org
> From: Sean Davis <sd...@mail.nih.gov>
> Subject: Re: [users@httpd] Filename Access
> Since you say that you have a complicated, multifile
> config, are you sure that you are actually reading this
> config file? Are you sure that you aren't later
> overriding it with another directive on the same
> directory?
>
> Sean
k
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Filename Access
Posted by Sean Davis <sd...@mail.nih.gov>.
On 12/29/05 1:31 PM, "httpd2@karsites.net" <ht...@karsites.net> wrote:
>
> Hi Sean.
>
> I'm usiing Apache 2 on SuSE Linux 9.2 pro.
>
> The config is split over many different files.
>
> I include my own custom config file that has different
> directory settings, such as:
>
>
> <Directory /srv/www/htdocs/KAR/websites/test/PHP>
> Options None
> Order deny,allow
> Deny from all
> <Files *.php>
> Order deny,allow
> Deny from all
> </Files>
> </Directory>
>
> But I can still access a php file called get_vars.php
> in the forbidden directory that displays the content of the
> $_SERVER array:
>
> <?php
> echo "<br />contents of \$_SERVER[] <br />";
> while(list($key, $value) = each($_SERVER))
> {
> echo "$key => $value <br />";
> }
> ?>
I'm not an apache expert, so I might be missing an obvious problem with your
config file, but it looks OK at first glance. Since you say that you have a
complicated, multifile config, are you sure that you are actually reading
this config file? Are you sure that you aren't later overriding it with
another directive on the same directory?
Sean
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Filename Access
Posted by ht...@karsites.net.
Hi Sean.
I'm usiing Apache 2 on SuSE Linux 9.2 pro.
The config is split over many different files.
I include my own custom config file that has different
directory settings, such as:
<Directory /srv/www/htdocs/KAR/websites/test/PHP>
Options None
Order deny,allow
Deny from all
<Files *.php>
Order deny,allow
Deny from all
</Files>
</Directory>
But I can still access a php file called get_vars.php
in the forbidden directory that displays the content of the
$_SERVER array:
<?php
echo "<br />contents of \$_SERVER[] <br />";
while(list($key, $value) = each($_SERVER))
{
echo "$key => $value <br />";
}
?>
Keith
On Thu, 29 Dec 2005, Sean Davis wrote:
> To: users@httpd.apache.org
> From: Sean Davis <sd...@mail.nih.gov>
> Subject: Re: [users@httpd] Filename Access
>
> It would be helpful if you let us know some details of the
> config file that you are using for the directory of
> interest.
>
> Sean
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Filename Access
Posted by Sean Davis <sd...@mail.nih.gov>.
On 12/29/05 10:48 AM, "httpd2@karsites.net" <ht...@karsites.net> wrote:
>
> Hi all.
>
> When I setup a directory to forbid access to it, and to the
> files in the directory, I can still retrieve a file's
> contents if I know the full file name.
>
> Is this normal behaviour - or can I block access to these
> unlisted files somehow?
Keith,
It would be helpful if you let us know some details of the config file that
you are using for the directory of interest.
Sean
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org