That is correct Scott. My point is with that setup, althought Options is none and access to the directory is forbidden, which is what I wanted, I can still access the file get_vars.php in the forbidden directory. Is that correct behaviour for the setting of the <Files> container? Keith On Sun, 1 Jan 2006, Scott Leighton wrote:
To: suse-security@suse.com From: Scott Leighton <helphand@pacbell.net> Subject: Re: [suse-security] Apache <Files>...</Files> problem
On Sunday 01 January 2006 12:31 pm, suse@karsites.net wrote:
<Directory /srv/www/htdocs/KAR/websites/pub/computing/apache-test> Options None Order deny,allow Deny from all <Files *.php> Order deny,allow Deny from all </Files> </Directory>
(I restarted apache with /etc/init.d/apache2 stop, then start.)
If you go to that directory, you will get permission denied for the directory, which is not even listed in the /pub/computing/ directory, as expected.
You have Options None, so unless you have an index in that directory, I believe it is correct for apache to throw a permission denied.
Scott