>>> jslive@xxxxxxxxx 11/14/2005 6:52:00 PM >>>
On 11/14/05, Brent Herring <brenth@xxxxxxx> wrote:
>> I'm having a problem with Apache directory restrictions that I have
>> not found this same issue in the FAQ or archives. I get the feeling
>> that the problem may be my lack of understanding of some
>> fundamental function of the server.
>>
> > I have a certain directory to which access is restricted by IP subnet.
>> For example, only clients from 192.168.66.* can access the files in
>> the restricted directory. This actually works fine when clients attempt
>> to directly access the directory. If they are not in the proper IP subnet
>> then access is denied.
>>
>> The problem is this: Many pages on the web site are accessed by a Perl
>> script. The script writes out the page template that is the same for all the
>> pages on the site, and then reads in the data for each individual page
>> from individual html files on the server. If you attempt to access a file in
>> the restricted directory using the script the web server directory restrictions
>> are ignored and the file is displayed.
>>
>> Is this what is supposed to happen? Since this isn't what I would like to
>> happen, can it be overcome?
> You haven't given details on how the script is accessed or configured,
> nor have you given useful things like log messages. But in general, it
> is safest to assure that *both* the script *and* the pages that it
> accesses are restricted using Allow/Deny directives. If you need more
> help, be more specific about what you are doing by giving us concrete
> examples.
>
> Joshua.
The script is accessed by a URL link such as this...
http://it.uca.edu/cgi-bin/cs.pl?DF=helpdesk.html
The script reads in the file like this...
open(inputfile, "<",$htmldir . $datafile);
@data = <inputfile>;
close(inputfile);
foreach $line (@data)
{
print $line;
}
There are no errors in the log because no error occurs. There is no configuration within the script. It is of the simplest form. It merely reads a file and writes text to the output.
The directory is restricted with the following Apache configuration entry
<Directory /srv/www/htdocs/restricted>
Order Deny,Allow
Deny from all
Allow from 161.31.66
</Directory>
Brent.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|