william kelley created ABDERA-398:
-------------------------------------
Summary: Need simple subfolder access control to allow ONLY indirect access
Key: ABDERA-398
URL: https://issues.apache.org/jira/browse/ABDERA-398
Project: Abdera
Issue Type: Bug
Affects Versions: 1.1.2, 1.1.1, 1.1, 1.0, 0.4.0, 0.3.0, 0.2.2, 1.1.3, 1.2
Reporter: william kelley

On the web I have found literally dozens of questions on this, and not one
single simple solution, and most web solutions don't (always) work.
Everyone has a need to prevent access to the wrong files, and usually can stick
them in a subfolder. Often you have no control on where the subfolder can be,
meaning it is indeed a subfolder of the web site root folder.
What everyone wants, is to say, no one can DIRECTLY access subfolder foo,
but my files, such as <root>/index.php CAN access foo.
The allow/deny mechanism appears to have no way to say this, which is clearly
where it should be controlled.
It appears if the allow/deny mechanism always treats access from
request directly to foo folder
exactly the same as
request to index.php which accesses subfolder foo, which is the desired working
route.
Allow from <mysite.com> does not work, I'm guessing because allow can only test
the requesting ip/hostname.
How hard is it to have a keyword for
Deny <direct access>?
or
Allow <local access>?
or
AllowIndirect all
or
Allow allIndirect
or
you are clever, pick what you like and make it easy to say.
If I am missing something simple that "fixes" this, it is not from lack of
spending days, not hours, looking for this.
Something this basic and universal should be able to be expressed by a not very
expert at all person, in one or two lines.
I am a programmer of some decades, and I expect this could be fixed in a day,
maybe 2, by someone familiar with internals.
If the solution is out there, it is well hidden.
Thanks for reading.
Replies invited.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
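
An added example, not part of the original report and not code from the Apache project: Apache httpd evaluates its access-control directives only for incoming HTTP requests, so denying the folder blocks direct URLs while a script such as index.php can still read files from foo through the filesystem. The document root /var/www/site, the host name and the file names under foo are assumptions; foo and index.php are the names used in the report.

```apache
# Constructed example. /var/www/site, lib.php and logo.png are assumed names.
# Goes in the server or virtual-host configuration.

# Apache httpd 2.4 (mod_authz_core)
<Directory "/var/www/site/foo">
    Require all denied
</Directory>

# Apache httpd 2.2 equivalent (mod_authz_host; available in 2.4 only
# through mod_access_compat). Use one form, not both.
# <Directory "/var/www/site/foo">
#     Order deny,allow
#     Deny from all
# </Directory>

# The same inner lines can go in /var/www/site/foo/.htaccess when the
# <Directory> block cannot be edited. The parent configuration must then
# permit them: "Require" needs AllowOverride AuthConfig, and
# "Order"/"Deny" need AllowOverride Limit.

# What this does and does not cover:
#
#   Blocked (HTTP request mapped to the folder, answered with 403):
#     GET /foo/lib.php
#     GET /foo/logo.png
#
#   Still works (no HTTP request is made; PHP opens the file on disk):
#     index.php:  include __DIR__ . '/foo/lib.php';
#     index.php:  readfile(__DIR__ . '/foo/logo.png');
#
#   Blocked even though index.php "uses" the file:
#     index.php emits  <img src="foo/logo.png">
#     The browser then requests /foo/logo.png itself, which is a direct
#     request like any other. Files the browser must fetch either live
#     outside the denied folder or are streamed by a script.
#
# Check after reloading the server (localhost is an assumed host name):
#     curl -i http://localhost/foo/lib.php    -> expect 403
#     curl -i http://localhost/index.php      -> expect 200
```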