Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Tips/Tricks/Mods

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 19th March 2009, 19:20
radim_h radim_h is offline
Senior Member
 
Join Date: Jan 2007
Location: Prague, Czech
Posts: 424
Thanks: 34
Thanked 26 Times in 21 Posts
Send a message via ICQ to radim_h
Default Apache 2.2 - is there way how to allow only Options=Indexes f?

Default ISPC setting in /etc/apache2/apache2.confapac for web and users webs is:
<Directory /var/www/*/web>
Options +Includes -Indexes
AllowOverride None
AllowOverride Indexes AuthConfig Limit FileInfo
Order allow,deny
Allow from all
<Files ~ "^\.ht">
Deny from all
</Files>
</Directory>


Which is good for security, because when set to AllowOverride Options, user can run CGI scripts and much more as described in manual http://httpd.apache.org/docs/2.2/mod/core.html#options

But it can be very helpfull allow Overwrite Options Indexes + for users in .htacess files as setting browsable directories handy for every customer is really annoying.

Haven't you guys seens any patch or hack to allow only Options Indexes for users?
I have seen some hosting companies which says that there is Only Options=Indexes allowed for their users so i'm wondering if they are using some own modifications of apache or how they do it
???

Thanks for any hint

I'm using debian Lenny with latest apache 2.2.9-10+lenny2
Reply With Quote
Sponsored Links
  #2  
Old 20th March 2009, 14:32
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,747 Times in 2,578 Posts
Default

You can use something like this in the Apache Directives field of a web site:
Code:
<Directory /var/www/web1/web>
  Options Indexes
</Directory>
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 23rd March 2009, 11:51
radim_h radim_h is offline
Senior Member
 
Join Date: Jan 2007
Location: Prague, Czech
Posts: 424
Thanks: 34
Thanked 26 Times in 21 Posts
Send a message via ICQ to radim_h
 
Default

sorry for bothering, reading Apache manual does the work.
Allowing all Options is not good, then user can run cgi sripts etc..
to allow only indexes it has to look this way:

AllowOverride Indexes AuthConfig Limit FileInfo Options=Indexes

(i have tried this option before, don't understand why it didnt work, probably problem somewhere between keyboard and chair .o) )

list of allowed parameters for Options has to be separated by comma

http://httpd.apache.org/docs/2.2/mod...#allowoverride

Last edited by radim_h; 23rd March 2009 at 11:53.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
CENTOS 5 Ping Problem gAnDo Server Operation 11 28th March 2008 21:58
Centos 4.4 32bit Hangs, High Server load 3cwired_com Server Operation 11 16th November 2006 16:47
Apache 2.2 with mod_proxy_balancer meekish Installation/Configuration 1 10th September 2006 15:17
mod_mono apache 2.2 ColdDoT Server Operation 5 23rd May 2006 03:58
Problem with the installation of Dokeos (LMS) in ISPConfig jofranco General 4 28th April 2006 01:45


All times are GMT +2. The time now is 03:13.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.