You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Eric Prud'hommeaux <er...@w3.org> on 1998/11/12 04:17:15 UTC

mod_dir mods for file-level access control

After underwhelming response from my last file-level access mods (see
Subject: mods for practical negotiation with file level access control
Date: Tue, 10 Nov 1998 11:35:42 -0500 (EST)),
I'm back with more diffs to furthur my single-interest agenda:

mod_dir takes a list of index files (like Overview,index) and serves them
when the client requests a uri ending in '/'. It calls
ap_sub_req_lookup_uri on each potential index file to find out whether it
exists and whether it is servable. It assumes that any non-OK status
indicates that the directory itself does not exist:

  if (rr->status && rr->status != HTTP_NOT_FOUND && rr->status != HTTP_OK)
      error_notfound = rr->status;

and returns this error_notfound at the end if it hasn't found another
index file that it can serve. This prevents mod_autoindex from serving the
directory listing if any index file requires auth.

I'm creating a system where users may allow any file to be visible. I have
sepparate rules for http://host/dir/ and http://host/dir/Overview.html. I
want to serve `ls /dir/*` if /dir/ is OK and /dir/Overview.html is
AUTH_REQUIRED. This may represent suficient abberation from "normal and
expected" behavior in the great webmaster collective unconscious that a
conf directive would be in order.

-eric