Red Hat DIRECTORY SERVER 2.0 - GATEWAY Manual de usuario descargar pdf (Pagina 83)

Chapter 10. Access control

Satisfy any

</Directory>

Figure 10-15. Mixed restrictions

The two worlds of access control are joined by the Satisfy command. This has two

possible options: Any and All. Satisfy Any requires the request to satisfy either the

location requirement or the authentication requirement. Satisfy All would require it

to satisfy both.

Blocking access based on a ﬁle’s name

There is one last aspect of access control we must consider. We have stopped certain

ﬁles being listed in indexes in the Section called Automatic indexing of directories in

Chapter 6 but we warned that this did not stop the ﬁles being downloaded if the

client could guess the name. This section will demonstrate how to block downloads

of ﬁles matching certain expressions in the same way as the IndexIgnore command

stops ﬁles matching those patterns being listed.

We can restrict certain commands to ﬁles that match regular expressions with the

<FilesMatch> ... </FilesMatch> directive. We can put a simple denial of all access

in this block.

In an ideal world, IndexIgnore and <FilesMatch> would accept the same syntax

for describing their ﬁles. Unfortunately they don’t, and this is a serious ﬂaw in the

Apache Software Foundation’s way of handling their modules. IndexIgnore uses

shell-style wildcards, formally known as globbing, and <FilesMatch> uses sed-style

regular expressions.

Our current example conﬁguration ﬁle has the line

IndexIgnore "#*#" "*~" "configuration"

and the equivalent <FilesMatch> regular expression is

(^#.*#$|.*~$|^configuration$)

IndexIgnore "#*#" "*~" "configuration"

...

Order allow,deny

Deny from All

</FilesMatch>

Figure 10-16. Blocking access to the ﬁles ignored in the index

1 2 ... 78 79 80 81 82 83 84 85 86 87 88 ... 95 96

Sin comentarios

Red Hat DIRECTORY SERVER 2.0 - GATEWAY Manual de usuario Pagina 83