Recipe 6.26 Restricting Access to Files Outside Your Web Root

Problem

You want to make sure that files outside of your web directory are not accessible.

Solution

For Unixish systems:

<Directory />     Order deny,allow     Deny from all     AllowOverride None     Options None </Directory>

For Windows systems:

<Directory C:/>     Order deny,allow     Deny from all     AllowOverride None     Options None </Directory>

Repeat for each drive letter on the system.

Discussion

Good security technique is to deny access to everything, and then selectively permit access where it is needed. By placing a Deny from all directive on the entire filesystem, you ensure that files cannot be loaded from any part of your filesystem unless you explicitly permit it, using a Allow from all directive applied to some other <Directory> section in your configuration.

If you wanted to create an Alias to some other section of your filesystem, you would need to explicitly permit this with the following:

Alias /example /var/example <Directory /var/example>     Order allow,deny     Allow from all </Directory>

See Also

  • http://httpd.apache.org/docs/mod/mod_access.html



Apache Cookbook
Apache Cookbook: Solutions and Examples for Apache Administrators
ISBN: 0596529945
EAN: 2147483647
Year: 2006
Pages: 215

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net