[Geomoose-users] Securing an application- hidden directories

TC Haddad tchaddad at gmail.com
Thu Jan 28 11:58:18 PST 2016


One guess is that I think you can set permissions for your own applications
based on their IP address, such that they can use that directory, while
others cannot.

So in the directory settings you would have:

Order deny,allow
Deny from all
Allow from xyz

Where xyz is the IP address that you want to allow access from.

I'm not sure how this works in combination with the redirect you are trying
to set - you would have to test to see which takes precedence.

But I think if implemented successfully the directory setting would protect
the content of your directory, even if the name is not hidden.



On Thu, Jan 28, 2016 at 11:46 AM, Bistrais, Bob <Bob.Bistrais at maine.gov>
wrote:

> My saga of securing a GeoMoose website continues.  One of the issues
> reported in the latest security scan is that hidden directories were
> detected.  These normally issue a 403 Forbidden response.  The recommended
> practice is to issue a 404 Not Found response instead.
>
>
>
> I found out how to do this through the Apache settings, and it’s pretty
> easy- in the httpd.conf file, add a line like this:
>
> RedirectMatch 404 "../(the_directory_name)"
>
>
>
> -That works for the majority of the hidden directories, but it falls apart
> with the cgi-bin directory.  If I add a line in the conf file:
>
> RedirectMatch 404 "cgi-bin"
>
>
>
> -Then the application itself seems unable to access its own PHP files, or
> at least the errors occur when calling them.
>
>
>
> This may be more a Mapserver or Apache question, but wonder if anyone here
> has any suggestions?
>
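Added example (not part of the original thread): a small check of why the unanchored "cgi-bin" pattern also catches the application's own script requests, next to an anchored pattern that only matches the bare directory. It assumes RedirectMatch searches its regex anywhere in the URL-path (approximated here with Python's re); the request paths are constructed samples, and the script names are hypothetical.

```python
import re

# Constructed sample request paths (not taken from the original thread).
MUST_HIDE = ["/cgi-bin", "/cgi-bin/"]      # bare directory probes a scanner sends
MUST_SERVE = [                             # hypothetical paths the application calls
    "/cgi-bin/mapserv",
    "/cgi-bin/php/query.php",
    "/geomoose.html",
]


def matches(pattern, path):
    """Approximate RedirectMatch: the regex is searched anywhere in the URL-path."""
    return re.search(pattern, path) is not None


def audit(pattern, must_hide=MUST_HIDE, must_serve=MUST_SERVE):
    """Return (still_exposed, broken) for a candidate 'RedirectMatch 404' pattern.

    still_exposed: directory probes the pattern does not turn into 404
    broken:        application requests the pattern would turn into 404
    """
    still_exposed = [p for p in must_hide if not matches(pattern, p)]
    broken = [p for p in must_serve if matches(pattern, p)]
    return still_exposed, broken


if __name__ == "__main__":
    # First pattern is the one from the thread; second is an anchored alternative.
    for pattern in ("cgi-bin", r"^/cgi-bin/?$"):
        exposed, broken = audit(pattern)
        print(f'RedirectMatch 404 "{pattern}"')
        print("  directory probes not answered with 404:", exposed or "none")
        print("  application requests turned into 404:  ", broken or "none")
```

Run it with the real paths your application requests before putting a pattern into the Apache configuration.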