apache 1.2.1: inconsistencies in <Directory>,<Location> etc.

apache 1.2.1: inconsistencies in <Directory>,<Location> etc.

Post by Marinos J. Yannik » Mon, 18 Aug 1997 04:00:00



I am trying to block access to all but a select few web pages for a
particular host. It seems that apache 1.2.1 handles some combinations
of <Directory>,<Location>,<Files> in a strange and apparently
inconsistant way (correct me if I'm wrong):

[Standard part]
DocumentRoot is /www

access.conf:
<Directory /www>
order allow,deny
allow from all
deny from some.*.host
</Directory>

No .htaccess files.

[Example #1]
<Location />
allow from all
</Location>

[Example #2]
<Files /www>
allow from all
</Files>

[Example #3]
<Files /www/>
allow from all
</Files>

[Example #4]
<Files /www/index.html>
allow from all
</Files>

In Example #1, access will be allowed for the blocked host to *all* pages,
except files included through server-side includes, .web files and possibly
others, even though I understand <Directory> to be recursive while <Location>
is not (at least it is not defined in the manual) and I don't see why
files accessed directly and included files should be treated differently..

In Example #2, access will be allowed for *all* pages, although the file
name "/www" should never be matched. Is the filename supposed to be the
full filename of the file belonging to the URL in the request (as it
should be, to my understanding), or something else?

In Example #3, access will be blocked for all pages, which is probably
correct but seems to contradict #2.

In Example #4, access will be blocked for all pages except
http://www.veryComputer.com/, but this contradicts my theory that
<Files> should be used with the full filename of the file which
is to be displayed (which, in case of http://www.veryComputer.com/,
but this access method will not work).

In any case, whether this is a bug or not, could someone please tell
me how to accomplish what I'm trying to do? (Block all pages except
for a few which I can supply either the locations or filenames for;
one of them is the "index.html" in the DocumentRoot directory, hence
the attempt to allow access to <Location />).

Thanks,
-nino
--
Please change the last part of my address to "at" if you're replying by mail.
``it's nice to be important, but it's more important to be nice''

 
 
 

apache 1.2.1: inconsistencies in <Directory>,<Location> etc.

Post by Marinos J. Yannik » Mon, 18 Aug 1997 04:00:00



>[how to deny access to all but a few pages to someone]
>DocumentRoot is /www

>access.conf:
><Directory /www>
>order allow,deny
>allow from all
>deny from some.*.host
></Directory>

I've found a solution for this problem, so, FYI, here it is:
DocumentRoot is /www

access.conf:
# note: no "deny from" here...
<Directory /www>
order allow,deny
allow from all
</Directory>

<Files /www/*>
deny from some.*.host
</Files>
# allow a few files
<Files /www/index.html>
allow from all
</Files>
<Files ...> (repeat for SSI'd files etc.)

The confusion was caused by the fact that after a "deny from" in the
<Directory> part, an explicit <Files /www> allow from all </Files> is
needed to be able to access the main server page, even if the file
which contains it is explicitly made available as shown above.

-nino
--
Please change the last part of my address to "at" if you're replying by mail.
``it's nice to be important, but it's more important to be nice''

 
 
 

1. <><><> MOUNTING EXTENDED PARTITION <><><>

I have a 10 GB UDMA IDE drive formatted with Windows.  The first partition
is FAT32, and the second is NTFS.  I can successfully mount the first, but
not the second.  Any ideas?

Suse 7.2 on i86
the drive is mounted on /dev/hdc, and I CAN see hda1, but not hda2

2. enabling incoming mail on Red Hat 8

3. Wanted: <><><> Unix Specialist <><><>

4. monitor

5. LILO help <><><><><><>

6. Squid dies very often!

7. Apache->DirectoryIndex in <Location> and <Directory> directives.

8. kde2/ probleme mit undefined symbols

9. <Alt>+<key> = <Esc><key> ?

10. *{<><>}*Linux*Screen*Difficulties*{<><>}*

11. << <<anyone using dyn-html?>> >>

12. enabling <Directory>..</Directory> and <Location>...</Location> in apache 1.1b4

13. (<><>)*Linux*Screen*Difficulties*(<><>)