RE: [users@httpd] Protecting certain cgi-bin subdirectories

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> You need to read:
> http://httpd.apache.org/docs/2.2/sections.html
I've read that section and also the section on the order in which the
directives are applied, but what I'm seeing doesn't seem to match the
documentation, in my opinion.

> You'll find that <Directory> automatically protects subdirectories, so you
> don't need that <DirectoryMatch> complication.  You'll also find that the
> order of processing is important.
I perhaps hadn't made clear what it was that I'm after:
/cgi-bin 		- open without password protection
/cgi-bin/admin	- password protected; only user "Swifty"
/cgi-bin/anyotherdir - password protected; any user
This seems to require at least one wildcard so that the subdirectories are
protected without the cgi-bin directory being protected.  I couldn't find a
way to achieve this with the <Directory> statement. I tried:

<Directory /var/www/cgi-bin/*>	# Protects cgi-bin as well
<Directory /var/www/cgi-bin/?> 	# Doesn't protect cgi-bin/users
<Directory /var/www/cgi-bin/?*>	# Protects cgi-bin as well! (how?)
<Directory /var/www/cgi-bin/?*/>	# Protects cgi-bin as well! (how?)
<Directory /var/www/cgi-bin/*/*>	# Protects cgi-bin as well! (how?)
<Directory /var/www/cgi-bin/?*/*>	# Protects just subdirectories, 
                                    # But overrides admin directory

I just cannot see how the statements above marked "how?" can match
/var/www/cgi-bin but somehow they do. They all seem to require matching at
least one character beyond the end of /var/www/cgi-bin

> Replacing the <DirectoryMatch> with <Directory> will probably fix your 
> main problem as well, since it will cause the second Require directive to 
> be processed last, overriding the first one, rather than vis-versa.

I wish this were so, but I simply cannot find a combination that works.

Steve Swift
http://www.swiftys.org.uk



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux