Sign In/My Account | View Cart  

advertisement

AddThis Social Bookmark Button

Article:
  Apache Web Serving with Jaguar, Part 3
Subject:   User Directory Access
Date:   2003-04-23 13:05:55
From:   anonymous2
The Deny and Allow rule changes don't have any impact on outside access to the user site directories.
Full Threads Oldest First

Showing messages 1 through 5 of 5.

  • Kevin Hemenway photo User Directory Access
    2003-04-23 13:08:59  Kevin Hemenway | O'Reilly AuthorO'Reilly Blogger [View]

    Correct. Nor should they. The GatesMcFaddenCo intranet didn't like ugly ~username URLs, so they switched to Apache's DocumentRoot, which is what the Allow/Deny's are configured for.
    • Kevin Hemenway photo User Directory Access
      2003-04-23 13:16:52  Kevin Hemenway | O'Reilly AuthorO'Reilly Blogger [View]

      In rereading your intent (instead of mine), yeah, if someone on the GatesMcFaddenCo machine launched their own user site, it'd be wide open to anyone. The fix to properly protect the entire site / machine (not just Apache's DocumentRoot) is:

      <Directory /Users>
      Deny from all
      </Directory>

      This is more in line with what the text suggests, but isn't conducive to per-user site directories. In a later part of the series, I talk about user configuration and directories (poor, poor Patti), and you'll see an example of Allow/Deny there.
      • User Directory Access
        2003-04-23 18:19:24  anonymous2 [View]

        Thanks for the quick feedback and deft interpretation of my somewhat minimalist comment.
        • User Directory Access
          2003-05-06 15:45:36  anonymous2 [View]

          Just a quick question;

          I am trying to set up apache so it can only be acessed by people on the coporate lan - ie 10.0.0.0/8 addresses - but if I replace "gatesmcfarlene" with the ip address range above, plus include one for localhost, I cannot access apache when I am connect on the coporate lan --- no issue if I unplug ..

          Have checked the documentation at apache site - but I think I'm missing something.

          Can't wait for the rest of the series ..
          • allowing address ranges
            2003-05-12 23:42:00  anonymous2 [View]

            "I am trying to set up apache so it can only be acessed by people on the coporate lan - ie 10.0.0.0/8 addresses"

            Just specify the partial string for the address range, which in your case would be "10."

            Allow from 10.