[
https://issues.apache.org/jira/browse/ABDERA-398?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14095160#comment-14095160
]
Andreas Veithen commented on ABDERA-398:
----------------------------------------
bq. Forgive me if I took for granted you actually understood the protocol.
Forgive me if I took for granted that you knew how to use a bug tracker, but
you sent this to the wrong project: this is the bug tracker for the Apache
Abdera project, not the Apache HTTPD project.
> Need simple subfolder access control to allow ONLY indirect access
> ------------------------------------------------------------------
>
> Key: ABDERA-398
> URL: https://issues.apache.org/jira/browse/ABDERA-398
> Project: Abdera
> Issue Type: Bug
> Affects Versions: 0.2.2, 0.3.0, 0.4.0, 1.0, 1.1, 1.1.1, 1.1.2, 1.1.3, 1.2
> Reporter: william kelley
>
> On the web I have found literally dozens of questions on this, and not one
> single simple solution, and most web solutions dont (always) work.
> Everyone has a need to prevent access to the wrong files, and usually can
> stick them in a subfolder. Often you have no control on where the subfolder
> can be, meaning it is indeed a subfolder of the web site root folder.
> What everyone wants, is to say, no one can DIRECTLY access subfolder foo,
> but my files, such as <root>/index.php CAN access foo.
> The allow/deny mechanism appears to have no way to say this, which is clearly
> where it should be controlled.
> It appears if the allow/deny mechanism always treats access from
> request directly to foo folder
> exactly the same as
> request to index.php which accesses subfolder foo, which is the desired
> working route.
> Allow from <mysite.com> does not work, I'm guessing because allow can only
> test the requesting ip/hostname.
> How hard is it to have a keyword for
> Deny <direct access>?
> or
> Allow <local access>?
> or
> AllowIndirect all
> or
> Allow allIndirect
> or
> you are clever, pick what you like and make it easy to say.
> If I am missing something simple that "fixes" this, it is not from lack of
> spending days, not hours, looking for this.
> Something this basic and universal should be able to be expressed by a not
> very expert at all person, in one or two lines.
> I am a programmer of some decades, and I expect this could be fixed in a day,
> maybe 2, by someone familiar with internals.
> If the solution is out there, it is well hidden.
> thanks for reading.
> Replies invited.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
