You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by Rodent of Unusual Size <co...@hyperreal.org> on 1997/07/02 04:22:05 UTC
cvs commit: apache/htdocs/manual/mod mod_userdir.html
coar 97/07/01 19:22:05
Modified: htdocs/manual/misc security_tips.html
htdocs/manual/mod mod_userdir.html
Log:
Add documentation of new syntaxes for UserDir {disable|enable}, and
a nod in the security_tips for "UserDir disabled root".
Revision Changes Path
1.9 +6 -0 apache/htdocs/manual/misc/security_tips.html
Index: security_tips.html
===================================================================
RCS file: /export/home/cvs/apache/htdocs/manual/misc/security_tips.html,v
retrieving revision 1.8
retrieving revision 1.9
diff -C3 -r1.8 -r1.9
*** security_tips.html 1997/06/04 11:42:58 1.8
--- security_tips.html 1997/07/02 02:22:03 1.9
***************
*** 170,176 ****
--- 170,182 ----
>UserDir</A>
directive; setting it to something like <SAMP>"./"</SAMP>
would have the same effect, for root, as the first example above.
+ If you are using Apache 1.3 or above, we strongly recommend that you
+ include the following line in your server configuration files:
</P>
+ <DL>
+ <DD><SAMP>UserDir disabled root</SAMP>
+ </DD>
+ </DL>
<HR>
<P>Please send any other useful security tips to The Apache Group
1.8 +49 -20 apache/htdocs/manual/mod/mod_userdir.html
Index: mod_userdir.html
===================================================================
RCS file: /export/home/cvs/apache/htdocs/manual/mod/mod_userdir.html,v
retrieving revision 1.7
retrieving revision 1.8
diff -C3 -r1.7 -r1.8
*** mod_userdir.html 1997/06/04 16:14:24 1.7
--- mod_userdir.html 1997/07/02 02:22:04 1.8
***************
*** 33,45 ****
<strong>Status:</strong> Base<br>
<strong>Module:</strong> mod_userdir<br>
<strong>Compatibility:</strong> All forms except the <code>UserDir
! public_html</code> form are only available in Apache 1.1 or above.<p>
The UserDir directive sets the real directory in a user's home directory
to use when a request for a document for a user is received.
! <em>Directory</em> is either <code>disabled</code>, to disable this feature,
! or the name of a directory, following one of the following
! patterns. If not disabled, then a request for
<code>http://www.foo.com/~bob/one/two.html</code> will be translated to:
<pre>
UserDir public_html -> ~bob/public_html/one/two.html
--- 33,69 ----
<strong>Status:</strong> Base<br>
<strong>Module:</strong> mod_userdir<br>
<strong>Compatibility:</strong> All forms except the <code>UserDir
! public_html</code> form are only available in Apache 1.1 or above. Use
! of the <SAMP>enabled</SAMP> keyword, or <SAMP>disabled</SAMP> with a
! list of usernames, is only available in Apache 1.3 and above.<p>
The UserDir directive sets the real directory in a user's home directory
to use when a request for a document for a user is received.
! <em>Directory/filename</em> is one of the following:
! </P>
! <UL>
! <LI>The name of a directory or a pattern such as those shown below.
! </LI>
! <LI>The keyword <SAMP>disabled</SAMP>. This turns off <EM>all</EM>
! username-to-directory translations except those explicitly named with
! the <SAMP>enabled</SAMP> keyword (see below).
! </LI>
! <LI>The keyword <SAMP>disabled</SAMP> followed by a space-delimited
! list of usernames. Usernames that appear in such a list will
! <EM>never</EM> have directory translation performed, even if they
! appear in an <SAMP>enabled</SAMP> clause.
! </LI>
! <LI>The keyword <SAMP>enabled</SAMP> followed by a space-delimited list
! of usernames. These usernames will have directory translation
! performed even if a global disable is in effect, but not if they also
! appear in a <SAMP>disabled</SAMP> clause.
! </LI>
! </UL>
! <P>
! If neither the <SAMP>enabled</SAMP> nor the <SAMP>disabled</SAMP>
! keywords appear in the <SAMP>Userdir</SAMP> directive, the argument is
! treated as a filename pattern, and is used to turn the name into a
! directory specification. A request for
<code>http://www.foo.com/~bob/one/two.html</code> will be translated to:
<pre>
UserDir public_html -> ~bob/public_html/one/two.html
***************
*** 52,74 ****
UserDir http://www.foo.com/*/usr -> http://www.foo.com/bob/usr/one/two.html
UserDir http://www.foo.com/~*/ -> http://www.foo.com/~bob/one/two.html
</pre>
-
- <P>
- <STRONG>
- Be careful when using this directive; for instance, <SAMP>"UserDir
- ./"</SAMP> would map <SAMP>"/~root"</SAMP> to
- <SAMP>"/"</SAMP> - which is probably undesirable. See also
- the
- <A
- HREF="core.html#directory"
- ><Directory></A>
- directive and the
- <A
- HREF="../misc/security_tips.html"
- >Security Tips</A>
- page for more information.
- </STRONG>
</P>
<!--#include virtual="footer.html" -->
</BODY>
--- 76,103 ----
UserDir http://www.foo.com/*/usr -> http://www.foo.com/bob/usr/one/two.html
UserDir http://www.foo.com/~*/ -> http://www.foo.com/~bob/one/two.html
</pre>
</P>
+ <BLOCKQUOTE>
+ <STRONG>
+ Be careful when using this directive; for instance,
+ <SAMP>"UserDir ./"</SAMP> would map
+ <SAMP>"/~root"</SAMP> to
+ <SAMP>"/"</SAMP> - which is probably undesirable. If you are
+ running Apache 1.3 or above, it is strongly recommended that your
+ configuration include a
+ "<SAMP>UserDir disabled root</SAMP>" declaration.
+ See also
+ the
+ <A
+ HREF="core.html#directory"
+ ><Directory></A>
+ directive and the
+ <A
+ HREF="../misc/security_tips.html"
+ >Security Tips</A>
+ page for more information.
+ </STRONG>
+ </BLOCKQUOTE>
<!--#include virtual="footer.html" -->
</BODY>