You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Dan Buckley <db...@kettering.edu> on 2002/09/18 16:46:38 UTC
[users@httpd] limiting ASP scripting
We are running apache on a unix box with SunONE ASP installed. I would
like to set aside a group of folders where ASP scripting wasn't
allowed, for security reasons. Those mainly being database access, but
also access to application and session variables. I am not aware of a
way to restrict the parsing of ASP in certain directories, but I am a
fairly new Apache user. Has anyone done this before?
Thanks.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] limiting ASP scripting
Posted by Jacob Coby <jc...@listingbook.com>.
> We are running apache on a unix box with SunONE ASP installed. I would
> like to set aside a group of folders where ASP scripting wasn't
> allowed, for security reasons. Those mainly being database access, but
> also access to application and session variables. I am not aware of a
> way to restrict the parsing of ASP in certain directories, but I am a
> fairly new Apache user. Has anyone done this before?
You can deny *.asp using a Files directive:
<Files ~ "\.asp$">
Order allow,deny
Deny from all
</Files>
I'm I'm not mistaken (and I could be), you should be able to stick that in a
directory block and be able to deny asp files in certain directories.
If the ASP module has some sort of Options interface, you could put an
Options -ASPParsing directive in the Directory block, but that will only
serve to allow people to download .asp files fron those dirs. not a good
thing if your files have passwords in them :)
-Jacob
http://www.listingbook.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org