You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Haywood Jaablowme <Ha...@gmail.com> on 2004/09/12 07:10:24 UTC
[users@httpd] access/restriction help needed please!!
Hello, I'm running Apache 2.0.50 with PHP 5.01 on my windows XP (SP2).
Everything is running just fine so far, but I'd like to implement
better security on my server. For example, I am running a
preprogrammed PHP script on
one of my subdomains. The script has its own include directory. I do
not want to have to move the include directory and go and change all
the PHP scripts so that they work with the change. Instead, what I
would like is to be able to configure Apache so that only the server
itself has rights to that include directory (and sub directories &
files).
http://blog.domain.com/ is ok to be initially accessed by visitors
but
http://blog.domain.com/includes/ should return a 401 or 403 error
YET the server itself should be able to call on this directory, sub
directories, and their files without any problems.
So if http://blog.domain.com/index.php uses another file or image from
within http://blog.domain.com/includes/ there shouldnt be any
problems, everything should go as planned, but if a visitor actually
directs their browser to a file or image, they'll receive an error.
http://blog.domain.com/includes/images/image.gif should return 401 or
403 for people who try to browse to it directly, but
http://blog.domain.com/index.php can use it without any problems.
I have tried to change the access on the include directory, but when I
do that, the server itself wont display the images or use the files
either.
the following is what I have on my httpd.conf file
--------------------------------------------------------------------------------
NameVirtualHost my.server.ip.address
<Directory "F:/Apache2/htdocs">
Options -Indexes FollowSymLinks
IndexIgnore *
AllowOverride None
Order Allow,Deny
Deny from all
Allow from my.server.ip.address
</Directory>
<Directory "F:/Apache2/htdocs/includes">
Options -Indexes -FollowSymLinks +SymLinksIfOwnerMatch
IndexIgnore *
AllowOverride None
Order Deny,Allow
Deny from all
Allow from my.server.ip.address
</Directory>
<Directory "F:/Apache2/htdocs/www">
IndexIgnore *
AllowOverride None
Order Allow,Deny
Allow from all
</Directory>
<VirtualHost my.server.ip.address>
ServerName www.domain.com
DocumentRoot F:/Apache2/htdocs/www
ServerAlias www
</VirtualHost>
<Directory "F:/Apache2/htdocs/blog">
IndexIgnore *
AllowOverride None
Order Allow,Deny
Allow from all
</Directory>
<VirtualHost my.server.ip.address>
ServerName blog.domain.com
DocumentRoot F:/Apache2/htdocs/blog
ServerAlias blog
</VirtualHost>
<Directory "F:/Apache2/htdocs/blog/*">
Options -Indexes -FollowSymLinks +SymLinksIfOwnerMatch
IndexIgnore *
AllowOverride None
Order Deny,Allow
Deny from all
Allow from my.server.ip.address
</Directory>
--------------------------------------------------------------------------------
I created my own includes folder to be used on my server at
/htdocs/includes and set permissions for it (havent tested it yet),
but the includes folders in question here are at
/htdocs/blog/inc
/htdocs/blog/images
etc etc
What am I doing wrong here? Please help!
I'm not sure if I signed up for this mail group correctly, so please
send replies to haywood.jaablowme@gmail.com
thanks.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org