Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
protecting web directories in apache2
2 views
Skip to first unread message
Zachary Uram
Nov 27, 2012, 11:20:01 AM11/27/12
to
Running Apache2 on Debian testing release. Say I have a directory
http://www.website.org/files/
And I want to let a user download a file:
http://www.website.org/files/example.txt
But I don't want them to be able to browse the directory and see the
other files in there.
So how can I protect the directory?
Zach
--
http://www.fidei.org
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/CAPu6UvCcocJ_E0v26fZTgv99...@mail.gmail.com
http://www.website.org/files/
And I want to let a user download a file:
http://www.website.org/files/example.txt
But I don't want them to be able to browse the directory and see the
other files in there.
So how can I protect the directory?
Zach
--
http://www.fidei.org
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/CAPu6UvCcocJ_E0v26fZTgv99...@mail.gmail.com
François TOURDE
Nov 27, 2012, 11:30:03 AM11/27/12
to
Le 15671ième jour après Epoch,
Zachary Uram écrivait:
> Running Apache2 on Debian testing release. Say I have a directory
> http://www.website.org/files/
> And I want to let a user download a file:
> http://www.website.org/files/example.txt
> But I don't want them to be able to browse the directory and see the
> other files in there.
> So how can I protect the directory?
Maybe you can use Linux File System rights:
chmod a=x files
and give the complete path to the user. Not sure Apache will accept, but
on a non-readable dir, you can access files if the dir is 'x'
(i.e. traversal)
Not tested.
HTH
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/87txsbo...@tourde.org
Zachary Uram écrivait:
> Running Apache2 on Debian testing release. Say I have a directory
> http://www.website.org/files/
> And I want to let a user download a file:
> http://www.website.org/files/example.txt
> But I don't want them to be able to browse the directory and see the
> other files in there.
> So how can I protect the directory?
chmod a=x files
and give the complete path to the user. Not sure Apache will accept, but
on a non-readable dir, you can access files if the dir is 'x'
(i.e. traversal)
Not tested.
HTH
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Sylvain Berfini
Nov 27, 2012, 11:40:02 AM11/27/12
to
Hi,
A .htaccess seems to be the solution for your problem.
Regards.
Sylvain Berfini
Software Engineer at Belledonne Communications
A .htaccess seems to be the solution for your problem.
Regards.
Sylvain Berfini
Software Engineer at Belledonne Communications
Le 27/11/2012 16:54, Zachary Uram a écrit :
> Running Apache2 on Debian testing release. Say I have a directory
> http://www.website.org/files/
> And I want to let a user download a file:
> http://www.website.org/files/example.txt
> But I don't want them to be able to browse the directory and see the
> other files in there.
> So how can I protect the directory?
>
> Zach
>
--
> Running Apache2 on Debian testing release. Say I have a directory
> http://www.website.org/files/
> And I want to let a user download a file:
> http://www.website.org/files/example.txt
> But I don't want them to be able to browse the directory and see the
> other files in there.
> So how can I protect the directory?
>
> Zach
>
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/50B4E88D...@belledonne-communications.com
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Kushal Kumaran
Nov 27, 2012, 12:00:03 PM11/27/12
to
Zachary Uram <net...@gmail.com> writes:
> Running Apache2 on Debian testing release. Say I have a directory
> http://www.website.org/files/
> And I want to let a user download a file:
> http://www.website.org/files/example.txt
> But I don't want them to be able to browse the directory and see the
> other files in there.
> So how can I protect the directory?
>
Turn off the Indexes option for the directory. See documentation for
> Running Apache2 on Debian testing release. Say I have a directory
> http://www.website.org/files/
> And I want to let a user download a file:
> http://www.website.org/files/example.txt
> But I don't want them to be able to browse the directory and see the
> other files in there.
> So how can I protect the directory?
>
the Options directive.
--
regards,
kushal
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Robert Pommrich
Nov 27, 2012, 12:00:03 PM11/27/12
to
Am 27.11.2012 17:25, schrieb François TOURDE:
> Le 15671ième jour après Epoch,
> Zachary Uram écrivait:
>
>> Running Apache2 on Debian testing release. Say I have a directory
>> http://www.website.org/files/
>> And I want to let a user download a file:
>> http://www.website.org/files/example.txt
>> But I don't want them to be able to browse the directory and see the
>> other files in there.
>> So how can I protect the directory?
>
Just remove Indexes from the Options block in your conf file.
> Le 15671ième jour après Epoch,
> Zachary Uram écrivait:
>
>> Running Apache2 on Debian testing release. Say I have a directory
>> http://www.website.org/files/
>> And I want to let a user download a file:
>> http://www.website.org/files/example.txt
>> But I don't want them to be able to browse the directory and see the
>> other files in there.
>> So how can I protect the directory?
>
> Maybe you can use Linux File System rights:
>
>
> Not tested.
>
Obviously.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Tony Baldwin
Nov 28, 2012, 6:10:02 PM11/28/12
to
On Tue, Nov 27, 2012 at 10:24:09PM +0530, Kushal Kumaran wrote:
> Zachary Uram <net...@gmail.com> writes:
>
> > Running Apache2 on Debian testing release. Say I have a directory
> > http://www.website.org/files/
> > And I want to let a user download a file:
> > http://www.website.org/files/example.txt
> > But I don't want them to be able to browse the directory and see the
> > other files in there.
> > So how can I protect the directory?
> >
>
> Turn off the Indexes option for the directory. See documentation for
> the Options directive.
For that matter, you can make an index.html
> Zachary Uram <net...@gmail.com> writes:
>
> > Running Apache2 on Debian testing release. Say I have a directory
> > http://www.website.org/files/
> > And I want to let a user download a file:
> > http://www.website.org/files/example.txt
> > But I don't want them to be able to browse the directory and see the
> > other files in there.
> > So how can I protect the directory?
> >
>
> Turn off the Indexes option for the directory. See documentation for
> the Options directive.
that doesn't list anything in there.
./tony
--
http://www.tonybaldwin.me
all tony, all the time!
3F330C6E
0 new messages