Posted to users@httpd.apache.org by Haywood Jaablowme <Ha...@gmail.com> on 2004/09/16 18:48:06 UTC

[users@httpd] How to restrict access??!

I'm trying to restrict access to certain subfolders, but it's not
working correctly for me.
What am I doing wrong?  I am using Apache 2.0.51 on WinXP SP2.

I'm trying to get it so that when a visitor goes to blog.domain.com/index.php,
the page correctly displays images and other include files used.
But if the visitor directs their browser to blog.domain.com/images/image.gif
or blog.domain.com/inc/inc.php - it should not let them access the file(s).




Here is a part of my httpd.conf

--------------------------------------------------------------------------------------------
<Directory "F:/Apache2/htdocs">
   Options -Indexes FollowSymLinks
   IndexIgnore *
   AllowOverride None
   Order Allow,Deny
   Deny from all
   Allow from my.server.ip.address
</Directory>

<Directory "F:/Apache2/htdocs/www">
   IndexIgnore *
   AllowOverride None
   Order Allow,Deny
   Allow from all
</Directory>
<VirtualHost my.server.ip.address>
       ServerName www.domain.com
       DocumentRoot F:/Apache2/htdocs/www
       ServerAlias www
</VirtualHost>

<Directory "F:/Apache2/htdocs/blog">
   IndexIgnore *
   AllowOverride None
   Order Allow,Deny
   Allow from all
</Directory>
<VirtualHost my.server.ip.address>
       ServerName blog.domain.com
       DocumentRoot F:/Apache2/htdocs/blog
       ServerAlias blog
</VirtualHost>

<Directory "F:/Apache2/htdocs/blog/*">
   Options -Indexes -FollowSymLinks +SymLinksIfOwnerMatch
   IndexIgnore *
   AllowOverride None
   Order Deny,Allow
   Deny from all
   Allow from my.server.ip.address
</Directory>
--------------------------------------------------------------------------------------------

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] How to restrict access??!

Posted by Joshua Slive <js...@gmail.com>.
On Thu, 16 Sep 2004 11:48:06 -0500, Haywood Jaablowme
<ha...@gmail.com> wrote:
> I'm trying to restrict access to certain subfolders, but it's not
> working correctly for me.
> What am I doing wrong?  I am using Apache 2.0.51 on WinXP SP2.
> 
> I'm trying to get it so that when a visitor goes to blog.domain.com/index.php,
> the page correctly displays images and other include files used.
> But if the visitor directs their browser to blog.domain.com/images/image.gif
> or blog.domain.com/inc/inc.php - it should not let them access the file(s).

Note that what you want can't be done in a 100% effective way, because
each request looks independent to the server.  Apache can't tell if an
image is accessed directly or embedded in a page.

But there is a commonly-used technique that is somewhat effective:
check the Referer HTTP header.  See the "prevent image theft" example:
http://httpd.apache.org/docs-2.0/env.html#examples

Joshua.
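
The Referer check described in the reply above, adapted to the hostname and directories in the original post, as an added example that is not part of the thread. It uses Apache 2.0 `Order`/`Allow` syntax and assumes these two blocks replace the poster's `blog/*` block and that the `inc/` files are only loaded by PHP from disk. The Referer header is supplied by the client, so this limits casual direct linking rather than enforcing access.

```apache
# Added example for Apache 2.0 (mod_setenvif + mod_access), not from the thread.
# Hostname and paths are taken from the original post.

# Mark requests whose Referer is a page on the blog itself.
SetEnvIfNoCase Referer "^http://blog\.domain\.com/" local_ref

# Optional: also accept requests that carry no Referer at all (some proxies
# and browsers strip it). Left commented out, a URL typed directly into the
# browser is refused, but so are legitimate visitors who send no Referer.
#SetEnvIf Referer "^$" local_ref

# Images: served only when the Referer check above matched.
<Directory "F:/Apache2/htdocs/blog/images">
   Options -Indexes
   AllowOverride None
   Order Deny,Allow
   Deny from all
   Allow from env=local_ref
</Directory>

# Include files. Assumption: index.php pulls these in with PHP's
# include/require using a filesystem path. That read never passes through
# Apache, so HTTP access to the directory can be refused outright.
<Directory "F:/Apache2/htdocs/blog/inc">
   AllowOverride None
   Order Deny,Allow
   Deny from all
</Directory>
```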
