<Directory />, deny access

Post by Gregor Rot, Linux operate » Thu, 24 Apr 1997 04:00:00



I included:

<Directory />
     Order deny,allow
     Deny from all
</Directory>

in my access.conf Apache file. If I make a link (ln -s / public_dir) I
still can access all the Unix partition. How can I prevent this? (the
upper command should do it, but why doesn't it work?)

                        Thanks in advance, Gregor
-----------------------------------
Gregor Rot              :)        
Cankarjeva 16           :=)      
5000 Nova Gorica        ::=  ?    
Tel.: +386 65 23-029              

http://www.s-gng.ng.edus.si/gregor
------------------------------------

 
 
 

Post by Marc Slemk » Fri, 25 Apr 1997 04:00:00



>I included:
><Directory />
>     Order deny,allow
>     Deny from all
></Directory>
>in my access.conf Apache file. If I make a link (ln -s / public_dir) I
>still can access all the Unix partition. How can I prevent this? (the
>upper command should do it, but why doesn't it work?)

If ~user/public_html/foo is a link to /, access to
http://server/~user/foo/etc/motd is done as if the structure were under
~user/foo, not under /.  This means that, for example, if ~user/foo
requires authentication, ~user/foo/etc/motd will also require
authentication.  If it were treated the way you expect it to,
it would not require authentication unless / or /etc did.

The basic idea is that a symbolic link makes one directory
appear like it is under another.  For better or worse, that is
the way Apache treats it.

The only way I can think of offhand to stop people from doing this
is to disable following symbolic links entirely ("Options
-FollowSymLinks", or just take out the FollowSymLinks from the
appropriate place) or partially (SymLinksIfOwnerMatch).
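
An audit for the situation discussed in this thread, added here as an example and not part of any poster's message: it walks a document root and reports every symbolic link whose resolved target lies outside that root, the case that `<Directory />` rules do not catch. The names `find_escaping_symlinks` and `demo` are hypothetical, the directory tree is constructed, and the owner comparison only approximates what SymLinksIfOwnerMatch checks.

```python
import os
import tempfile


def find_escaping_symlinks(docroot):
    """Return sorted (link, resolved_target, owner_matches) tuples for every
    symlink under docroot whose target resolves outside docroot."""
    root = os.path.realpath(docroot)
    findings = []
    # followlinks=False: list symlinks but never descend through them
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)
            if os.path.commonpath([root, target]) == root:
                continue  # link stays inside the document root
            link_uid = os.lstat(path).st_uid  # owner of the link itself
            try:
                # Approximation of SymLinksIfOwnerMatch: compare link owner
                # with target owner. True means that option would not block it.
                owner_matches = os.stat(path).st_uid == link_uid
            except OSError:  # dangling link, target cannot be stat'ed
                owner_matches = False
            findings.append((os.path.relpath(path, root), target, owner_matches))
    return sorted(findings)


def demo():
    """Constructed tree: one link escapes the docroot, one stays inside."""
    base = tempfile.mkdtemp()
    docroot = os.path.join(base, "public_html")
    outside = os.path.join(base, "outside")  # stands in for "/" in the thread
    os.makedirs(os.path.join(docroot, "sub"))
    os.makedirs(outside)
    os.symlink(outside, os.path.join(docroot, "public_dir"))
    os.symlink(os.path.join(docroot, "sub"), os.path.join(docroot, "inner"))
    return outside, find_escaping_symlinks(docroot)


if __name__ == "__main__":
    for link, target, same_owner in demo()[1]:
        print(f"{link} -> {target} (owner matches: {same_owner})")
```

A link reported with a matching owner would still be followed under SymLinksIfOwnerMatch, so those entries need a manual look even after the option is switched on.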

 
 
 

Post by Ralf S. Engelscha » Fri, 25 Apr 1997 04:00:00



> I included:
> <Directory />
>      Order deny,allow
>      Deny from all
> </Directory>
> in my access.conf Apache file. If I make a link (ln -s / public_dir) I
> still can access all the Unix partition. How can I prevent this? (the
> upper command should do it, but why doesn't it work?)

Seems like you have some "Options" set. Set it correctly to avoid symlinks and
additionally you should use an "AllowOverride None".

Greetings,
                                       Ralf S. Engelschall

                                       www.engelschall.com

 
 
 

Post by Bryan Har » Wed, 30 Apr 1997 04:00:00



> I included:

> <Directory />
>      Order deny,allow
>      Deny from all
> </Directory>

> in my access.conf Apache file. If I make a link (ln -s / public_dir) I
> still can access all the Unix partition. How can I prevent this? (the
> upper command should do it, but why doesn't it work?)

>                         Thanks in advance, Gregor

Based on your explanation, try:

<Directory /path_to_symlink/public_dir>

instead.  The webserver _is_ disallowing access to /, but the sym link
makes it think it's in public_dir instead...

What you are doing would work if you use a ScriptAlias (srm.conf)
instead of a symlink.

The other option would be to disallow FollowSymLinks for all your
ScriptAliased directories.

Bryan
--
-------------------------------
|  Bryan Hart                
|  Network Products Engineer  
|  Engineering Animation Inc.
|  Phone: (515) 296-5979
|  Fax: (515) 296-7025

|  Web: http://www.eai.com/                          
-------------------------------
"A conclusion is simply the place where you got tired of thinking"

 
 
 
