Is there a way to apply mod_security to specific directories?

Discussion in 'HOWTO-Related Questions' started by nhepner, Feb 14, 2008.

  1. nhepner

    nhepner New Member

    I'm pretty new to apache configurations, so hopefully this is an easy fix.

    I read the how-to on mod_security - very informative and very useful, but I need more specific help on this.

    What I'm trying to do is set up a downloads folder so that registered users of one of my sites can click on a link and download a file. I need to secure said folder from people not linking from the site (as the link will only appear for registered users). Is there a way to set up the conf file to apply security settings to a specific directory rather than the entire webhost? Is there a better way to accomplish this? I believe the directive that I'm looking for is
    SetFilter !php
    Thanks in advance for the help, and let me know if you need more information.
  2. falko

    falko Super Moderator ISPConfig Developer

  3. nhepner

    nhepner New Member

    Here's what I came up with

    SetEnvIf Referer "" site_referal
    <Directory /path/to/file>
    	Order Deny, Allow
    	Deny from all
    	Allow from env=site_referal
    If there's a better way to do this, I'd really like to know. As I said before, I really don't know what I'm doing, so I'm quite grateful.

Share This Page