Apache content filtring

Apache content filtring

Apache content filtering

Content Restrictions

Features: -

1. Restricts access to content based on:

1. <Directory>

2. <Location> - URL - Web Space

3. <Files>

4. <Auth> - Authentication - related directives

2. Default Config Restricts access to: '.htaccess', '.ht*' - 'httpd.conf'

3. These are largely IP-based blocks of access to content

4. By Default, Apache restricts, by honouring File System semantics, access to hidden files

5. Facilitates the ability to publish some content externally and others internally

1. directory baised access(content filtering)

1. <Directory> # IP-based restriction

<Directory /var/www/html/pub1>

Order allow,deny

Allow from 127.0.0.1 192.168.4.106

</Directory>

2. Effectively take content offline from web space to facilitate File-System based updates

<Directory /var/www/html/pub1>

Order deny,allow

Deny from all

</Directory>

3. Use '<Location>' to restrict access to content :-

'<LocationMatch ^/priv>' - traps variants including, but not limited to: '/priv', '/private', '/privacy', 'privelege'

<LocationMatch ^/priv>

Order deny,allow

Deny from all

</LocationMatch>

change to

<Location ~ ^/priv>

Order deny,allow

Deny from all

</Location>

4. Use '<Files>' to restrict access to content(access to directory but restricting some file)

note put it into the Directive in which you want to apply this otherwise this will block all the directives file cause it has recursive nature.

'<Files ~ "\.(xls|doc|pdf|mdb)">

Order deny,allow

deny from all

</Files>

5. Block access to hidden files

<FilesMatch "\.">

Order deny,allow

deny from all

</FilesMatch>