Recipe 6.26 Restricting Access to Files Outside Your Web Root

Previous page
Table of content
Next page

Problem

You want to make sure that files outside of your web directory are not accessible.

Solution

For Unixish systems:

<Directory />     Order deny,allow     Deny from all     AllowOverride None     Options None </Directory>

For Windows systems:

<Directory C:/>     Order deny,allow     Deny from all     AllowOverride None     Options None </Directory>

Repeat for each drive letter on the system.

Discussion

Good security technique is to deny access to everything, and then selectively permit access where it is needed. By placing a Deny from all directive on the entire filesystem, you ensure that files cannot be loaded from any part of your filesystem unless you explicitly permit it, using a Allow from all directive applied to some other <Directory> section in your configuration.

If you wanted to create an Alias to some other section of your filesystem, you would need to explicitly permit this with the following:

Alias /example /var/example <Directory /var/example>     Order allow,deny     Allow from all </Directory>

See Also

  • http://httpd.apache.org/docs/mod/mod_access.html


Previous page
Table of content
Next page
Apache Cookbook
Apache Cookbook: Solutions and Examples for Apache Administrators
ISBN: 0596529945
EAN: 2147483647
Year: 2006
Pages: 215
Authors: Rich Bowen, Ken Coar
BUY ON AMAZON
ADO.NET 3.5 Cookbook (Cookbooks (OReilly))
CISSP Exam Cram 2
The .NET Developers Guide to Directory Services Programming
Lotus Notes and Domino 6 Development (2nd Edition)
Microsoft Windows Server 2003(c) TCP/IP Protocols and Services (c) Technical Reference
Visual C# 2005 How to Program (2nd Edition)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy