Re: Re[4]: apache FollowSymLinks and SymLinksIfOwnerMatch question

To: <debian-user@lists.debian.org>
Subject: Re: Re[4]: apache FollowSymLinks and SymLinksIfOwnerMatch question
From: "nate" <debian-user@aphroland.org>
Date: Thu, 26 Sep 2002 10:23:12 -0700 (PDT)
Message-id: <[🔎] 2726.216.39.174.24.1033060992.squirrel@webmail.linuxpowered.net>
In-reply-to: <[🔎] 20020926172049.DE98.PAHUD@ezplay.tv>
References: <[🔎] 20020926172049.DE98.PAHUD@ezplay.tv>

Patrick Hsieh said:

> OK. What I mean is, since I have to turn on FollowSymLinks. I wish apache
> only follow the symblic links under /var/www

> Sorry for the poor explaination.

no problem. now I know exactly what you want and its easy to do,
in access.conf (or httpd.conf whatever you want to use) make a new
directory access control for the directory / (root). set the default
access to that directory to DENY. that will prevent apache from providing
access to *ANY* file outside of the directories specified in the configuration
be it by symlink or anything else. I do this on most of my servers.

something like

<Directory />
    Options None
    AllowOverride None
    order deny,allow
    deny from all
</Directory>

this may break some things on your system(s) if files being accessed
are outside of the directories, in which case you'll have to add
those directories to the config file and restart apache.

nate

Reply to:

References:
- Re[4]: apache FollowSymLinks and SymLinksIfOwnerMatch question
  - From: Patrick Hsieh <pahud@ezplay.tv>

Prev by Date: Re: workstations syslogging to server
Next by Date: Re: OT: Alternatives to ls for sorting files by modification time
Previous by thread: Re[4]: apache FollowSymLinks and SymLinksIfOwnerMatch question
Next by thread: Re: apache FollowSymLinks and SymLinksIfOwnerMatch question
Index(es):
- Date
- Thread