Hi, Could do with some guru guidance :)I'd like to only allow certain file extensions to be served without messing up my other host based allow/deny rules.
Right now I have this in my config:
(included into both :80 and :443 virtualhost sections)
# We will explicitly allow only certain file types being served
...
<FilesMatch "^.*$">
Deny from all
</FilesMatch>
<FilesMatch "^([^\.]+\.(html|css|js|crt|jpg|png|php|cgi))?$">
Include /etc/apache2/sites-available/common/allowfromhosts
Deny from all
</FilesMatch>
...
<Directory />
Order Allow,Deny
Deny from all
AllowOverride None
</Directory>
...
<Directory /vol/www/html>
Include /etc/apache2/sites-available/common/allowfromhosts
Deny from All
AllowOverride None
...
</Directory>
#########
And common/allowfromhosts contains:
Allow from 10.0.0.0/16 128.30.52.0/24
################
That works, but seems a little inelegant having to relegate the "allow
from IP" to an include file.
I could do it better if there was a "FilesNotMatch" directive or equivalent. The actual logic I want is:1) Unless the URL ends "/" OR "/*.ext" where ext is one of html, css, js etc, THEN categorically DENY access at all times IRRESPECTIVE of any other rules.
2) If that passes, then respect further allow/deny rules, eg the "allow from 10.0.0.0/16 128.30.52.0/24" BUT DENY from everyone else
Is there a better way? Many thanks in advance :) Cheers Tim --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|