homepage Welcome to WebmasterWorld Guest from 54.243.23.129
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor
Home / Forums Index / Hardware and OS Related Technologies / Linux, Unix, and *nix like Operating Systems
Forum Library, Charter, Moderators: bakedjake

Linux, Unix, and *nix like Operating Systems Forum

    
Restricting directory file access
Tommybs




msg:3677918
 7:32 pm on Jun 18, 2008 (gmt 0)

Hello all,

Does anyone know if there is a way to use .htaccess or a .conf file to specify that only certain file types can be accessed from a directory?

i.e

only allow people access to images in a image folder even if it contained a a number of other file types?

I know you can use a files directive to say only allow authenticated users access to certain file types but this is kind of the other way around. If I had an upload directory that I only want people to add images to (and uploads would be validated first) and if that was somehow compromised this could prevent them accessing their evilfile.ext (whatever extension they use)

Many Thanks

 

Samizdata




msg:3679895
 10:03 pm on Jun 20, 2008 (gmt 0)

Probably a question for the Apache forum.

I didn't test this .htaccess so it's entirely theoretical but it might inspire you:

# Turn on mod_rewrite
RewriteEngine On
# If request is for images folder
RewriteCond %{REQUEST_URI} ^/images/
# But not for an image filetype
RewriteCond %{REQUEST_URI} !\.(jpg¦gif¦png)$
# Nothing to see here
RewriteRule .* - [F]

Some server configurations require a FollowSymlinks option to be set for the RewriteEngine and the broken pipes in the code should be replaced with solid ones.

...

Tommybs




msg:3680099
 9:04 am on Jun 21, 2008 (gmt 0)

Thanks alot, that worked a treat.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Hardware and OS Related Technologies / Linux, Unix, and *nix like Operating Systems
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved