[Ids-devel] Re: alternate path question (Jeff Dafoe)

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Thanks for the tips everyone! I've decided to go with
the excellent suggestion of a vhost:
http://photos.tiburcio.info/ -> ids/

A little grovelling around apache.org/docs and I got
it running. My initial config, however, led to being
able to access ids.conf and other files if you knew
they existed: (i.e.
http://photos.tiburcio.info/ids.conf or /LICENSE,
etc).

This sort of made me nervous, so I added the following
to my vhost section to try and get to a more secure
state:

# deny attempts to directly read any IDS configuration
# or maintenance/incidental files
<FilesMatch "\.(pl|conf|txt|pm|stackdump)$">
   order deny,allow
   deny from all
</FilesMatch>

# Some ids files are all caps, 
# README,CREDITS,LICENSE, etc. Deny those too
<FilesMatch "[A-Z][A-Z]+">
   order deny,allow
   deny from all
</FilesMatch>

# allow all .cgi, graphics and html files
<FilesMatch  "\.(cgi|jpg|gif|jpeg|png|html)$">
   Order deny,allow
   allow from all
</FilesMatch>

It's kind of kludgey but it seems gets the job done.
Hope somebody finds it useful, or can show me a better
way. Thanks again!

__________________________________________________
Do You Yahoo!?
Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month.
http://geocities.yahoo.com/ps/info1