stackoom
  简体   繁体   中英

Deny all filetypes but 1 and allow autoindexing

 原文  2017-08-18 11:37:18       apache/ apache2/ restrictions

Question

I've searched all over stackoverflow and seen various posts but no luck thus far.

Let me paint the picture: Im hosting a game server for me and some buddies and im symlinking the directory with maps and mod to apache2. I only want the outside world to be able to download the so called "pk3" files but not the "cfg","log" or any other file type.

That part i got working. I also want autoindex to work but no luck thus far. I get a 403 error.

Current state: 

<Directory /var/www/redirect/*>
    allow from all
    Options +Indexes
    IndexIgnore .. *cfg* *dat *dll *txt URL *log *backup* database
    IndexOptions FancyIndexing FoldersFirst
    AllowOverride None
    Require all granted
</Directory>

<Files *>
    Order deny,allow
    deny from all
</Files>

<Files *.pk3>
    Order deny,allow
    allow from all
</Files>

<FilesMatch "^(index\.*)?$">
    Order allow,deny
    allow from all
</FilesMatch>

The FilesMatch doesnt seem to work properly (hence the [access_compat:error] in my logs and 403 in my browser).

Hopefully someone can help me with this, ive been searching for hours.

1 answers

solution1
 0  2018-02-23 00:26:34

See here: https://serverfault.com/questions/634996/apache2-allow-directory-indexing-but-restrict-file-access-by-type

You need also to allow index files: 

<FilesMatch "index\.">
    Order allow,deny
    allow from all
</FilesMatch>

because Apache will search for them (like index.html, index.cgi,...) but they are all forbidden. I'm not sure why, but I suppose Apache cannot even check for existence of those files, and then sends a 403. If Apache can check the inexistence of those index files, he will create the directory index, and that needs the <FilesMatch ""> Directive, as the index file name is "".

You can find the information in the error logfile, some lines like: 

client denied by server configuration: /var/www/index.html

And because you want that forbidden files are listed too, you need to add 

IndexOptions ShowForbidden

for example after Options Indexes FollowSymLinks . There are plenty of options for directory indexes you can find them in the apache doc .

Hope this helps.

Update: The FilesMatch needs to hit every possible entry from the DirectoryIndex directive and the empty string. If you have this: DirectoryIndex index.html index.html.var index.php then this is your match: <Files ~ ^index\\.(html|php|html.var)$|^$>

It might be easiest to set DirectoryIndex and then match: 

DirectoryIndex index.html
<Files ~ ^index\.html$|^$>
    <Limit GET HEAD>
        Order Allow,Deny
        Allow from all
    </Limit>
</Files>

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question .htaccess, order allow, deny, deny from all: confused? Only Allow $_POST and $_GET and Deny All HTACCESS .htacess allow from local and deny all except one user agent .htaccess : understanding use of deny,allow and allow,deny htaccess “order” Deny, Allow, Deny Apache - Allow one wildcard URL, deny all other requests Deny folder to all but certain IPs, but allow full access to certain files htaccess deny all at root, allow access matching url after a rewrite Apache - Deny listing directory but allow access to all subfolders .htaccess deny and allow
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM