Paths

["TD - Sales International Holland B.V." <td...@salesint.com>]

Hey there,

small question.... I didn't see much about this in the docs.... In the config 
you set permissions for the directory / (not the URL /) I wonder why this is? 
In my eyes if I set documentroot to for instance /var/www/HTML or something a 
client should be able to get out of the /var/www/HTML or is it possible to 
make a URL domain.tld/../../../ or something? I tried it on my server but 
appearantly it redirects me because the ../../../ just falls of the URL.

Also I noticed something strange in the docs... don't exactly remember which 
page. Anyways it was about user dirs. if you had (assuming standard locations 
etc) domain.tld/~user you'd go to /home/user/public_html however in the docs 
it said if you'd do domain.tld/~root you wouldn't go to /root/public_html but 
to /public_html is that an error in the docs? I would suppose it'd go to 
/root/public_html (just curious, i didn't compile the userdir mod anyways)

Regards

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Paths

[Joshua Slive <jo...@slive.ca>]

On Fri, 25 Jan 2002, TD - Sales International Holland B.V. wrote:

> Hey there,
>
> small question.... I didn't see much about this in the docs.... In the config
> you set permissions for the directory / (not the URL /) I wonder why this is?
> In my eyes if I set documentroot to for instance /var/www/HTML or something a
> client should be able to get out of the /var/www/HTML or is it possible to
> make a URL domain.tld/../../../ or something? I tried it on my server but
> appearantly it redirects me because the ../../../ just falls of the URL.

Properly functional webservers will not let you use ".." to get out of the
webspace.  The server administrator can, however, use symbolic links,
Aliases and other tricks to bring various parts of the filesystem into the
web space.  See
http://httpd.apache.org/docs/urlmapping.html
The purpose of the <Directory /> section is to prevent the server
administrator from accidentally allowing access to an area that he didn't
want to, and to provide defaults for all the other areas of the server.

> Also I noticed something strange in the docs... don't exactly remember which
> page. Anyways it was about user dirs. if you had (assuming standard locations
> etc) domain.tld/~user you'd go to /home/user/public_html however in the docs
> it said if you'd do domain.tld/~root you wouldn't go to /root/public_html but
> to /public_html is that an error in the docs? I would suppose it'd go to
> /root/public_html (just curious, i didn't compile the userdir mod anyways)

That depends entirely on how root's home directory is configured in
/etc/passwd.

Joshua.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org