How to block subdirectory entry with URL

 
Post new topic   Reply to topic    Aprelium Forum Index -> General Questions
View previous topic :: View next topic  
Author Message
fhutt
-


Joined: 14 Jul 2019
Posts: 31

PostPosted: Sun Jul 14, 2019 12:34 pm    Post subject: How to block subdirectory entry with URL Reply with quote

Hello,
I am new to Abyss. It looks great and simple enough for me to make it work.

I don't want access to subdirectories with the URL.
As an example, http://dir.domain.org:90 is OK since I want the requests to go to port 90 but I want to block http://dir.domain.org:90/subdir/index.htm.

Is there a way to this?
Thanks
Back to top View user's profile Send private message
admin
Site Admin


Joined: 03 Mar 2002
Posts: 1019

PostPosted: Fri Jul 19, 2019 7:26 pm    Post subject: Re: How to block subdirectory entry with URL Reply with quote

fhutt wrote:
Hello,
I am new to Abyss. It looks great and simple enough for me to make it work.

I don't want access to subdirectories with the URL.
As an example, http://dir.domain.org:90 is OK since I want the requests to go to port 90 but I want to block http://dir.domain.org:90/subdir/index.htm.

Is there a way to this?
Thanks


Do you want to block all subdirectories? Or is there a list of subdirectories that should be blocked only?
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com
Back to top View user's profile Send private message
fhutt
-


Joined: 14 Jul 2019
Posts: 31

PostPosted: Fri Jul 19, 2019 10:27 pm    Post subject: Reply with quote

All subdirectories and by the way all files in the root directory also.
Back to top View user's profile Send private message
pkSML
-


Joined: 29 May 2006
Posts: 914
Location: Michigan, USA

PostPosted: Sat Jul 20, 2019 3:29 am    Post subject: Reply with quote

I'm a little stumped as to why you'd run a server if you're blocking all requests to files that exist except for a single page. But if that's what you want, you could use URL rewriting for this purpose.

That regex is:
Code:
^/.{1,}$


If you just want people to access the URL http://dir.domain.org:90, then the HTTP request will be a simple slash, e.g. /

So this regex says begin with ( ^ ) a slash ( / ) followed by any character ( . ) repeated at least one time up to any number of times {1,}. (You could leave off the $ at the end if you want to. It shouldn't make any difference.)

In practice, this will match any URL except http(s)://dir.domain.org:90 and send them an HTTP 403 Forbidden message.


_________________
Stephen
Need a LitlURL?


http://CodeBin.yi.org
Back to top View user's profile Send private message Visit poster's website
fhutt
-


Joined: 14 Jul 2019
Posts: 31

PostPosted: Sat Jul 20, 2019 9:12 am    Post subject: Reply with quote

Thank you for the detailed response.
You are right, I do not want to prevent all access to files and directories.
I just want to prevent someone entering a MyURL/dir/file.htm and access that file.
I just want the remote browser to have access to all my files and directories from links and references from inside my web pages. Not at random from an external browser.

In fact I would like to block the file and directory accessed being viewed on the address bar of an external browser. I have a free web hosting site that does this by default so it must be possible. It just shows the MyURL by itself and nothing else.
Back to top View user's profile Send private message
pkSML
-


Joined: 29 May 2006
Posts: 914
Location: Michigan, USA

PostPosted: Sun Jul 21, 2019 6:50 pm    Post subject: Reply with quote

This is almost possible, but not fool-proof.

FYI: When you click on a link from your page, the browser sends an HTTP header called REFERER with the value of the URL of your homepage.

The referer header is able to be spoofed with trivial effort. Or some privacy-concerned users may configure their browser to never send referer headers. So you may introduce issues with your website to a small amount of visitors.

Nevertheless, if you want to rely on the REFERER header,

  • Go to the Abyss console
  • Click 'Configure' on the appropriate host
  • Click on 'Anti-Leeching'
  • For *each* directory you want to disable direct access, you must add it into the 'Anti-Leeching Scope'.
  • The redirect URL is where you want to send people who don't send a referer that matches your website.
  • Check the box 'Refuse requests with no referer header'. This will stop direct access in its tracks.


Note that Anti-Leeching will still allow a link on /somedir/somefile.htm to link to /somewhere_else/another_file.htm without going to it from the homepage.
_________________
Stephen
Need a LitlURL?


http://CodeBin.yi.org
Back to top View user's profile Send private message Visit poster's website
fhutt
-


Joined: 14 Jul 2019
Posts: 31

PostPosted: Sun Jul 21, 2019 11:05 pm    Post subject: Reply with quote

It appears to be fairly complicated in my situation. I have a large number of folders and subfolders. So entering each one manually, without mistake would be almost impossible.

The main reason I would have wanted this is because I have a Username Password entry page for my index.file. From here the user is sent to a selection page and from there to their particular page of interest. If the final page location can be seen in the address bar, then next time they want to access that page they just have to enter that final page location into their browser and bypass the index page. Of course they could give a link with that address to anyone and they could access the page without a username and password. Of course I would like to prevent this.

Is there some other method to achieve this?
Back to top View user's profile Send private message
fhutt
-


Joined: 14 Jul 2019
Posts: 31

PostPosted: Mon Jul 22, 2019 8:46 am    Post subject: Reply with quote

I think I found a solution.
I worked out how set up Passwrds in Abyss.

Now that Abyss issues a Username and Password request, how will my Let's Encrypt certificate be renewed? How will their website obtain access to my website without the Username and Password I set?
Back to top View user's profile Send private message
pkSML
-


Joined: 29 May 2006
Posts: 914
Location: Michigan, USA

PostPosted: Wed Jul 24, 2019 12:27 am    Post subject: Reply with quote

fhutt wrote:
I think I found a solution.
I worked out how set up Passwrds in Abyss.

Now that Abyss issues a Username and Password request, how will my Let's Encrypt certificate be renewed? How will their website obtain access to my website without the Username and Password I set?


OK great!

You don't have to worry about your certificates with password-protected sites. I have one also and Abyss renews it without problem.
_________________
Stephen
Need a LitlURL?


http://CodeBin.yi.org
Back to top View user's profile Send private message Visit poster's website
fhutt
-


Joined: 14 Jul 2019
Posts: 31

PostPosted: Wed Jul 24, 2019 12:41 am    Post subject: Reply with quote

Now that the Username and Password system from Abyss is working, I have to change my index file. But, this is trivial and almost finished. Having the website encrypted makes the site more private. Being able to access individual files from the address bar is also ok since a username and password will be required.

I am just about there now.
Stephen, Thank you so much for your help.
Back to top View user's profile Send private message
pkSML
-


Joined: 29 May 2006
Posts: 914
Location: Michigan, USA

PostPosted: Wed Jul 24, 2019 12:58 am    Post subject: Reply with quote

fhutt wrote:
Now that the Username and Password system from Abyss is working, I have to change my index file. But, this is trivial and almost finished. Having the website encrypted makes the site more private. Being able to access individual files from the address bar is also ok since a username and password will be required.

I am just about there now.
Stephen, Thank you so much for your help.


You're welcome! Glad you're getting the hang of things.
_________________
Stephen
Need a LitlURL?


http://CodeBin.yi.org
Back to top View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    Aprelium Forum Index -> General Questions All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB phpBB Group