Hi,
Could do with some guru guidance :)
I'd like to only allow certain file extensions to be served without
messing up my other host based allow/deny rules.
Right now I have this in my config:
(included into both :80 and :443 virtualhost sections)
# We will explicitly allow only certain file types being served
...
<FilesMatch "^.*$">
Deny from all
</FilesMatch>
<FilesMatch "^([^\.]+\.(html|css|js|crt|jpg|png|php|cgi))?$">
Include /etc/apache2/sites-available/common/allowfromhosts
Deny from all
</FilesMatch>
...
<Directory />
Order Allow,Deny
Deny from all
AllowOverride None
</Directory>
...
<Directory /vol/www/html>
Include /etc/apache2/sites-available/common/allowfromhosts
Deny from All
AllowOverride None
...
</Directory>
#########
And common/allowfromhosts contains:
Allow from 10.0.0.0/16 128.30.52.0/24
################
That works, but seems a little inelegant having to relegate the "allow
from IP" to an include file.
I could do it better if there was a "FilesNotMatch" directive or equivalent.
The actual logic I want is:
1) Unless the URL ends "/" OR "/*.ext" where ext is one of html, css, js
etc, THEN categorically DENY access at all times IRRESPECTIVE of any
other rules.
2) If that passes, then respect further allow/deny rules, eg the "allow
from 10.0.0.0/16 128.30.52.0/24" BUT DENY from everyone else
Is there a better way?
Many thanks in advance :)
Cheers
Tim
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
