Help with disabling directory access - Apache Web Server forum at WebmasterWorld - WebmasterWorld

Forum Moderators: phranque

Message Too Old, No Replies

Help with disabling directory access

Newbie at apache just need some direction...

factorypower

4:02 pm on May 16, 2005 (gmt 0)

10+ Year Member

We have apache 1.3.27 running on our X serve setup currently to host multiple sites with on IP address using a vitual sever setup...

I was going through and changing the UNIX CHMOD for all the directories on our site to 771 so that users could not see our folder structure... but I have encountered a problem with some other web software that needs to have directory level read access to operate properly so I need to have the CHMOD set to 775 which opens everything up again. SO...

I was told to go into apache and change the Directory tag to limit the access to folders...

This is what I am planning on using:

<Directory />
Order Deny,Allow
Deny from All
Allow from #*$!.#*$!.xxx.xx
</Directory>

Will this do what I want it to do... which is return the users a page like below: (with the exception of that lone IP address listed)

Forbidden

You don't have permission to access /AdDesk/Htmlfiles/Readers/ on this server.

Apache/1.3.27 Server at www.engleonline.com Port 80

Thanks in advance for all input!

N. Lamb

jdMorgan

7:32 pm on May 16, 2005 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

N. Lamb,

Welcome to WebmasterWorld!

I believe that all you need to do is to set


Options -Indexes

See Apache core Options [httpd.apache.org]

Jim

factorypower

8:23 pm on May 16, 2005 (gmt 0)

10+ Year Member

Ok Thanks,

One follow up question.

Do I need to specify that for every directory or can it be a server wide thing with one rule... and then if for some reason I want to have a specific directory visible I could specify that one to be shown?

Here is the code I plan on using:

<Directory />
Options Indexes
Order Deny,Allow
Deny from All
Allow from #*$!.#*$!.#*$!.xx
</Directory>

Would this do the trick for the entire server? And is the syntax correct?

Thanks,

N. Lamb

sitz

1:12 am on May 17, 2005 (gmt 0)

10+ Year Member

You'll likely want to leave the 'deny from all' config for <Directory />, and place your 'allow' directives in the <Directory /path/to/DocumentRoot> container. While the config you supplied will work, it's generally a good idea leave the 'block everything' config in the <Directory /> container.

factorypower

12:48 pm on May 17, 2005 (gmt 0)

10+ Year Member

Ok Now I think I am getting it (maybe)?

Here is my planned code:

<Directory />
Order Deny,Allow
Deny from All
Allow from 111.111.111.11
</Directory>

<Directory /Library/WebServer/Documents>
Options Indexes
</Directory>

And syntax wise this if fine? Cause I have seen some other code that has the directoy name inside of double quotes ("/Library/WebServer/Documents" )

Other than that I believe I am ready to test this out...

Thanks,

N. Lamb

factorypower

4:18 pm on May 17, 2005 (gmt 0)

10+ Year Member

I tried the code below and got a access denied error for the whole server...

<Directory />
Order Deny,Allow
Deny from All
Allow from 111.111.111.11
</Directory>

<Directory /Library/WebServer/Documents>
Options Indexes
</Directory>

Here is the code I think I am going to try next...

<Directory /Library/WebServer/Documents>
Order Deny,Allow
Deny from All
Allow from 111.111.111.11
</Directory>

<Directory />
Options Indexes
</Directory>

In my way of thinking this should "lock down" the specified folder listed in the first Directory and then the second directory should do the Option Indexes for all of the folders under the root? Is this correct thinking?