From: TJ S. <cas...@us...> - 2004-04-13 20:33:14
Update of /cvsroot/proftp/proftpd/doc/howto In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv24097 Modified Files: Filters.html Log Message: Emphasize _not_ using both an Allow and a Deny Filter at the same time. Index: Filters.html =================================================================== RCS file: /cvsroot/proftp/proftpd/doc/howto/Filters.html,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- Filters.html 10 Apr 2004 18:01:18 -0000 1.4 +++ Filters.html 13 Apr 2004 20:19:12 -0000 1.5 @@ -21,11 +21,11 @@ <p> First, there are the <a href="http://www.proftpd.org/docs/directives/linked/config_ref_AllowFilter.html"><code>AllowFilter</code></a> and <a href="http://www.proftpd.org/docs/directives/linked/config_ref_DenyFilter.html"><code>DenyFilter</code></a> configuration directives. These configuration directives are used to set filters on <b>every</b> FTP command. If an <code>AllowFilter</code> is -used, the command parameters must match the given filter, otherwise the command -will be denied. If a <code>DenyFilter</code> is used, the command parameters -must <b>not</b> match the given filter, otherwise the command will be denied. -If both <code>AllowFilter</code> and <code>DenyFilter</code> are used, then -the <code>AllowFilter</code> will be checked first. +used, the command parameters <b>must</b> match the given filter, otherwise the +command will be denied. If a <code>DenyFilter</code> is used, the command +parameters <b>must not</b> match the given filter, otherwise the command will +be denied. If both <code>AllowFilter</code> and <code>DenyFilter</code> are +used, then the <code>AllowFilter</code> will be checked first. <p> Second, there are some special filter configuration directives aimed at those 
@@ -37,16 +37,20 @@ <code>Path</code> filters are only applied to the following FTP commands: <code>DELE</code>, <code>MKD/XMKD</code>, <code>RMD/XRMD</code>, <code>RNFR</code>, <code>RNTO</code>, <code>STOR</code>, <code>STOU</code>, -and to the <code>SITE</code> commands <code>CHGRP</code> and <code>CHMOD</code> +and to the <code>SITE</code> commands <code>CHGRP</code> and <code>CHMOD</code>. +Note that using both <code>PathAllowFilter</code> and +<code>PathDenyFilter</code> at the same time is not a good idea; only one +filter is generally needed. <p> One property that often catches the unwary administrator is the fact that -<code>proftpd</code> only operates on the first Filter directive defined in -the configuration file; it does not cycle through multiple Filter directives. -This is because multiple regular expressions can be combined into a single -(albeit more complex) regular expression. The alternation metacharacter is -helpful in creating such combined regular expressions. For example, if -you had the following in your <code>proftpd.conf</code>: +<code>proftpd</code> only operates on the first <code>Filter</code> directive +defined in the configuration file; it does not cycle through multiple +<code>Filter</code> directives. This is because multiple regular expressions +can be combined into a single (albeit more complex) regular expression. The +alternation metacharacter is helpful in creating such combined regular +expressions. For example, if you had the following in your +<code>proftpd.conf</code>: <pre> PathAllowFilter \.jpg$ PathAllowFilter \.jpeg$ |
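Review bot: in the first hunk (@@ -21,11 +21,11 @@), the closing sentence "If both AllowFilter and DenyFilter are used, then the AllowFilter will be checked first" is only rewrapped, so the log message's point about not using an Allow and a Deny filter together is never made for this pair. The caution appears only in the second hunk, for PathAllowFilter and PathDenyFilter. Suggest adding the same caution here, and stating whether a command that passes the AllowFilter is still tested against the DenyFilter: "checked first" leaves that open, and an administrator relying on the DenyFilter to block a command needs to know the answer.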
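Review bot: in the second hunk (@@ -37,16 +37,20 @@), the added note "using both PathAllowFilter and PathDenyFilter at the same time is not a good idea" gives no reason and does not say what proftpd does when both are configured. Suggest stating the evaluation order, as the first hunk does for AllowFilter and DenyFilter, so a reader can tell which filter decides the outcome. A smaller point in the same hunk: wrapping "Filter" in code markup in the following paragraph makes it read as a literal directive name, while the text around it only names AllowFilter, DenyFilter, PathAllowFilter and PathDenyFilter; plain wording such as "filter directive of a given type" would avoid that.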