How to make one directory public and all others private?

 
Post new topic   Reply to topic    Aprelium Forum Index -> Networking Issues
View previous topic :: View next topic  
Author Message
MXB
-


Joined: 24 Apr 2006
Posts: 9

PostPosted: Fri May 29, 2009 6:06 pm    Post subject: How to make one directory public and all others private? Reply with quote

How to setup some IP Address Control rule that:
Quote:
Open just one specified directory for publicly access.
And block all IPs except Local addresses to access all other directories.

My settings are down here:



Is there something wrong?
When I access any directory of my site by an web proxy (to emulate public access), I got an 403 Error.
_________________
Ah Ha!
Back to top View user's profile Send private message
aprelium-support
-


Joined: 20 Feb 2009
Posts: 356

PostPosted: Tue Jun 02, 2009 10:16 am    Post subject: Reply with quote

MXB,

According to your settings, the order "Deny/Allow" for the virtual path "/public" will deny all connections. We suggest that you change it to "Allow/Deny".

In addition the "/" rule will deny connections for the "/public" virtual folder because "/public" is a special cas for "/".
_________________
Support Team
Aprelium - http://www.aprelium.com
Back to top View user's profile Send private message Visit poster's website
MXB
-


Joined: 24 Apr 2006
Posts: 9

PostPosted: Tue Jun 02, 2009 12:18 pm    Post subject: Reply with quote

Thanks for reply.
aprelium-support wrote:

We suggest that you change it to "Allow/Deny".

I read the User's Guide. By changing to this order("Allow/Deny") is Deny by default, right? I tried, seems not fits my needs.

Maybe my description in previous post was not clear enough.

If my htdocs dir contents dirs such as:
/public
/abc
/test1
/demo
/cms
/lib
...
/privateN
I want /public be public; all others (/abc,/test1,/demo ... /privateN) be private.
I want browse those dirs just on local machine for testing purpose
and, needn't modify settings while adding new dirs.
Is that possible?
_________________
Ah Ha!
Back to top View user's profile Send private message
aprelium-support
-


Joined: 20 Feb 2009
Posts: 356

PostPosted: Wed Jun 03, 2009 9:26 am    Post subject: Reply with quote

MXB,

Unfortunately, you need to configure the folders one by one for security issues.

The other possible solution is to use regular expressions:
http://www.aprelium.com/abyssws/articles/regex-basics.html

For example, you can can rename any private directory "folder" to "rfolder" (r for restricted) and create a rule to restrict access to every virtual path that matches the pattern "/r*".
_________________
Support Team
Aprelium - http://www.aprelium.com
Back to top View user's profile Send private message Visit poster's website
MXB
-


Joined: 24 Apr 2006
Posts: 9

PostPosted: Tue Jun 09, 2009 6:23 am    Post subject: Reply with quote

aprelium-support wrote:

The other possible solution is to use regular expressions:
http://www.aprelium.com/abyssws/articles/regex-basics.html

For example, you can can rename any private directory "folder" to "rfolder" (r for restricted) and create a rule to restrict access to every virtual path that matches the pattern "/r*".


Did you mean put "/r*" in URL Rewriting Rules? Maybe you missed a dot(.) in "/r*"?
"/r.*" works.

----------
Anyway, it is strange that "/r*" will match all paths? why?

in rewrite.log
Quote:
----------------------------------------------
Request URI=[/]:
Rule #1: Regex [/r*] matches with the request URI

Testing the conditions:
REMOTE_ADDR (value: [127.0.0.1]) != [127.0.0.1] => FALSE
The conditions are not verified (FALSE).
===> No rule matches.

----------------------------------------------
Request URI=[/favicon.ico]:
Rule #1: Regex [/r*] matches with the request URI
Testing the conditions:
REMOTE_ADDR (value: [127.0.0.1]) != [127.0.0.1] => FALSE
The conditions are not verified (FALSE).
===> No rule matches.

----------------------------------------------
Request URI=[/restricted/]:
Rule #1: Regex [/r*] matches with the request URI
Testing the conditions:
REMOTE_ADDR (value: [127.0.0.1]) != [127.0.0.1] => FALSE
The conditions are not verified (FALSE).
===> No rule matches.

----------------------------------------------


Why "/","/favicon.ico","/restricted/" all match with "/r*"?
_________________
Ah Ha!
Back to top View user's profile Send private message
aprelium-support
-


Joined: 20 Feb 2009
Posts: 356

PostPosted: Tue Jun 09, 2009 10:11 am    Post subject: Reply with quote

MXB,

We apologize about the confusion. The "/r*" is just a pattern that means a string followed by something. It is not a regular expression.

The regular expression that you need is "^/r".
_________________
Support Team
Aprelium - http://www.aprelium.com
Back to top View user's profile Send private message Visit poster's website
MXB
-


Joined: 24 Apr 2006
Posts: 9

PostPosted: Tue Jun 09, 2009 1:53 pm    Post subject: Reply with quote

aprelium-support,

I'm sorry I missed the "^" in "^/r.*".

I tried fill "b/b" in "Virtual Path Regular Expression" filed and tested.
It matches path "/tab/bed/".
----It seems----
Just need one part of a string matches with the given Regular Expression to make the rule TRUE.

"^/r" and "^/.*" mostly have the same mean in "Virtual Path Regular Expression" unit in Abyss Web Server.

"/r*" should works in "IP Address Control"-"Virtual Path" unit, as a Pattern to match any path start with "/r"
If fill it in "Virtual Path Regular Expression" filed, will match any "/" in any path.
-----------------
Sorry, I am unfamiliar with Regular Expression.
Here's my Regular Expression for the case in first post:
^(?!/public(?:$|/.*?)).*?$
I tested,
Hope it truly right for Abyss Web Server.
_________________
Ah Ha!
Back to top View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Aprelium Forum Index -> Networking Issues All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB phpBB Group