Re: protecting web directories in apache2

To: debian-user@lists.debian.org
Subject: Re: protecting web directories in apache2
From: fra-du@tourde.org (François TOURDE)
Date: Tue, 27 Nov 2012 17:25:04 +0100
Message-id: <[🔎] 87txsbovxb.fsf@tourde.org>
In-reply-to: <[🔎] CAPu6UvCcocJ_E0v26fZTgv996vuqi4qkhGs3PRDDx-QFYZqw8Q@mail.gmail.com> (Zachary Uram's message of "Tue, 27 Nov 2012 10:54:43 -0500")
References: <[🔎] CAPu6UvCcocJ_E0v26fZTgv996vuqi4qkhGs3PRDDx-QFYZqw8Q@mail.gmail.com>

Le 15671ième jour après Epoch,
Zachary Uram écrivait:

> Running Apache2 on Debian testing release. Say I have a directory
> http://www.website.org/files/
> And I want to let a user download a file:
> http://www.website.org/files/example.txt
> But I don't want them to be able to browse the directory and see the
> other files in there.
> So how can I protect the directory?

Maybe you can use Linux File System rights:

  chmod a=x files

and give the complete path to the user. Not sure Apache will accept, but
on a non-readable dir, you can access files if the dir is 'x'
(i.e. traversal)

Not tested.

HTH

Reply to:

Follow-Ups:
- Re: protecting web directories in apache2
  - From: Robert Pommrich <robert.pommrich@gmx.de>

References:
- protecting web directories in apache2
  - From: Zachary Uram <netrek@gmail.com>

Prev by Date: Re: how many users is enough? (was Re: Debian Installer 7.0 Beta4 release)
Next by Date: Re: protecting web directories in apache2
Previous by thread: protecting web directories in apache2
Next by thread: Re: protecting web directories in apache2
Index(es):
- Date
- Thread