Re: [users@httpd] Problem setting up mod_alias for an external folder

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 12/11/05, Ken Tozier <kentozier@xxxxxxxxxxx> wrote:
> On Dec 11, 2005, at 1:17 PM, Joshua Slive wrote:
>
>
> > On 12/11/05, Ken Tozier <kentozier@xxxxxxxxxxx> wrote:
> >
> >
> >> Then when I type 'localhost/images/' or '127.0.0.1/images/' into a
> >> Safari or Firefox address bar, I get:
> >> "Forbidden
> >>
> >> You don't have permission to access /images/ on this server.
> >>
> >> Apache/1.3.33 Server at mycomputer.local Port 80"
> >>
> >> Does anyone know whether Mac OS Tiger has some additional settings
> >> somewhere that need to be changed to allow the above to work?
> >>
> >
> > Start here:
> > http://httpd.apache.org/docs/1.3/misc/FAQ.html#forbidden
> >
>
> Well that works on my test machine. Unfortunately, in the actual
> application, what I need to do is point Apache to an existing
> directory on a production server which contains the images I need to
> use. Moving or copying the tens of thousands of images to the Web
> server isn't an option. Installing another copy of Apache on the
> production server isn't an option and opening up the permissions of
> the entire production server hierarchy to the world isn't an option.
>
> Is there no way to target a specific folder without exposing the
> entire hierarchy it exists in? Could this be worked around with a
> custom module?

By "exposing the entire hierarchy" do you mean giving file-system
search permissions (chmod +x)?  If so, no, you can't work around this
in apache.  It has nothing to do with apache.  It is the file-system
that is denying access.  If apache can't get to the directory, there
is no way to serve the files.

In general, giving careful search permissions on the tree while
restricting read permissions should be perfectly safe in most
circumstances.  A possible alternative might be to do some fancy
file-system tricks like remounting that particular directory in its
own spot that isn't so tightly protected.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux