jojo's blog--快乐忧伤都与你同在
为梦想而来,为自由而生。 性情若水,风起水兴,风息水止,故时而激荡,时又清平……
posts - 11,  comments - 30,  trackbacks - 0
<Location /obcart/index.php>
 Order Deny,Allow
 Deny from All
 Satisfy All
</Location>

RedirectMatch 404 /".svn(/|$)

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
This is straight from the mailing list with grateful thanks to Ryan Schmidt.

Sometimes I can be a bit slow so I hadn't even considered blocking access to the .svn folders on this and other sites I maintain. I have now! There are two solutions:

<Files ".svn">

Order allow,deny

Deny from all

</Files>

<DirectoryMatch "/".svn/">

Order allow,deny

Deny from all

</DirectoryMatch>

and:

RedirectMatch 404 /".svn(/|$)

====================================================================================================


Apache Tips & Tricks: Deny access to some folders

Applies: apache 1.3.x / apache 2.0.x
Required apache module: mod_access
Scope: global server configuration, virtual host, directory, .htaccess
Type: security

Description: How to deny access to certain folders and the files inside them.
Useful: to deny access to certain folders containing private information (log files, source code, password files, etc.). The example shown here will address the question posted by Saul Howard on how to deny access to all the subversion directories (.svn).

I a previous tip (Deny access to certain file types) I have showed how we can deny access to files using a particular filename or all the files with a particular extension or any regexp we can match the files. In this post we will block access to folders, so instead of using the <Files> directive we will be using the <Directory> section.

Allow/Deny Directive in <Directory>

Let’s see how we can deny access to all the .svn folders that exist on the server.
In order to achieve this we will add the following configuration lines in the appropriate context (either global config, or vhost/directory, or from .htaccess):

<Directory ~ "".svn">
Order allow,deny
Deny from all
</Directory>

Similar to this we can deny access to other folders we might need…

Note: this will show a Forbidden page (code 403) even if the folder does not exist and it is just called from the browser in the url.
Another way how this can be quickly accomplished is by using a Rewrite rule:

RewriteRule ^(.*/)?"".svn/ - [F,L]

or using a redirect:

RedirectMatch 404 /"".svn(/|$)

(in this last example I am using 404 as the returned code so this looks like the folder doesn’t exist on the server; of course if you prefer you can return 403 - forbidden code).

Go to:
Main page of all my Apache Tips & Tricks




posted on 2009-04-20 15:07 Blog of JoJo 阅读(369) 评论(0)  编辑  收藏 所属分类: Linux 技术相关

只有注册用户登录后才能发表评论。


网站导航:
 

<2024年12月>
24252627282930
1234567
891011121314
15161718192021
22232425262728
2930311234

常用链接

留言簿(6)

随笔档案

文章分类

文章档案

新闻分类

新闻档案

相册

收藏夹

搜索

  •  

最新评论

阅读排行榜

评论排行榜