restrict access to files
Hi,
i'm trying to restrict acccess to all the files ending with ~ in my server , i couldn't do it. I try to deny access for files ending with ~. I have sun one webserver 6.1 sp1 in a sunfire solaris 9 machine. i tryed to do what is written in the documentation using the wildcard *.*~ and deny all order but this close all the server not only the ~ files. i don't know what happen why the server can't understand.
May be is imposible to restrict files in all the server?
thanks!
[507 byte] By [
ylapin] at [2007-11-26 6:45:02]
# 1
Can you post the relevant parts of you obj.conf files that you are using to do this, so we can check the syntax?Also, consider using/upgrading to the latest SP, since they contain many improvements, bug and security fixes.
# 4
One of the ways of doing this is
In obj.conf in the default object set BELOW the PathCheck "check-acl" acl="default" line:
...
PathCheck fn="check-acl" acl="default"
<Client uri="*~$">
PathCheck fn="check-acl" acl="tildaending"
</Client>
PathCheck fn=find-pathinfo
...
In default.acl add an ACL at the END of the file
acl "tildaending";
deny (all) user="anyone";
mv at 2007-7-6 15:04:30 >
# 5
Or if the goal is to never send them to anyone anyway, simplify to something like<Client uri="*~$">PathCheck fn=deny-existence</Client>(or send-error, or some other action, depending on desired behavior)
jyri at 2007-7-6 15:04:30 >
# 6
meena.vyas and jyri, please note that the uri parameter specifies a wildcard pattern. As stated in the the Using Wildcard Patterns section of the NSAPI Programmer's Guide at http://docs.sun.com/source/817-6252/npgwldcrd.html, ~ is a special character in wildcard patterns. As such, your examples will not work.
ylapin, the following should do what you want:<Client uri="*\\~">
PathCheck fn="deny-existence"
</Client>You can add the above immediately below the <Object name="default"> line in the obj.conf configuration file.
# 7
Thanks!
It worked . But the server's documentation is not complete. i read Limiting Access to Areas of Your Server chapter and there isn't anything about it. All the instructions are for the web administrator interface. i did exactly what is written there using the ACL files. The documentation must be completed with instructions they can't be made by the web.
It's not the first time i can't do something from the admin web interface and i couldn't find info in the on line documentation.
