author | Ken Coar <coar@apache.org> | 1997-07-02 02:22:04 +0000 |
---|---|---|
committer | Ken Coar <coar@apache.org> | 1997-07-02 02:22:04 +0000 |
commit | 1abee768e81020d82bd778e7e6bf655803fbfd82 (patch) | |
tree | d996a2f6fa90cc1adbd73d5cf792a7bcd8eba4d8 | |
parent | 0d38433b54e23ee511a0db2fe59e10dfac714a16 (diff) | |
download | httpd-1abee768e81020d82bd778e7e6bf655803fbfd82.tar.gz |
Add documentation of new syntaxes for UserDir {disable|enable}, and
a nod in the security_tips for "UserDir disabled root".
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@78492 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | docs/manual/misc/security_tips.html | 6 | ||||
-rw-r--r-- | docs/manual/mod/mod_userdir.html | 69 |
2 files changed, 55 insertions, 20 deletions
diff --git a/docs/manual/misc/security_tips.html b/docs/manual/misc/security_tips.html index cba41ada90..dc08450aed 100644 --- a/docs/manual/misc/security_tips.html +++ b/docs/manual/misc/security_tips.html @@ -170,7 +170,13 @@ Also be wary of playing games with the >UserDir</A> directive; setting it to something like <SAMP>"./"</SAMP> would have the same effect, for root, as the first example above. +If you are using Apache 1.3 or above, we strongly recommend that you +include the following line in your server configuration files: </P> +<DL> + <DD><SAMP>UserDir disabled root</SAMP> + </DD> +</DL> <HR> <P>Please send any other useful security tips to The Apache Group diff --git a/docs/manual/mod/mod_userdir.html b/docs/manual/mod/mod_userdir.html index cca87f5020..50ac784465 100644 --- a/docs/manual/mod/mod_userdir.html +++ b/docs/manual/mod/mod_userdir.html 
@@ -33,13 +33,37 @@ is compiled in by default. It provides for user-specific directories. <strong>Status:</strong> Base<br> <strong>Module:</strong> mod_userdir<br> <strong>Compatibility:</strong> All forms except the <code>UserDir -public_html</code> form are only available in Apache 1.1 or above.<p> +public_html</code> form are only available in Apache 1.1 or above. Use +of the <SAMP>enabled</SAMP> keyword, or <SAMP>disabled</SAMP> with a +list of usernames, is only available in Apache 1.3 and above.<p> The UserDir directive sets the real directory in a user's home directory to use when a request for a document for a user is received. -<em>Directory</em> is either <code>disabled</code>, to disable this feature, - or the name of a directory, following one of the following -patterns. If not disabled, then a request for +<em>Directory/filename</em> is one of the following: +</P> +<UL> + <LI>The name of a directory or a pattern such as those shown below. + </LI> + <LI>The keyword <SAMP>disabled</SAMP>. This turns off <EM>all</EM> + username-to-directory translations except those explicitly named with + the <SAMP>enabled</SAMP> keyword (see below). + </LI> + <LI>The keyword <SAMP>disabled</SAMP> followed by a space-delimited + list of usernames. Usernames that appear in such a list will + <EM>never</EM> have directory translation performed, even if they + appear in an <SAMP>enabled</SAMP> clause. + </LI> + <LI>The keyword <SAMP>enabled</SAMP> followed by a space-delimited list + of usernames. These usernames will have directory translation + performed even if a global disable is in effect, but not if they also + appear in a <SAMP>disabled</SAMP> clause. + </LI> +</UL> +<P> +If neither the <SAMP>enabled</SAMP> nor the <SAMP>disabled</SAMP> +keywords appear in the <SAMP>Userdir</SAMP> directive, the argument is +treated as a filename pattern, and is used to turn the name into a +directory specification. 
A request for <code>http://www.foo.com/~bob/one/two.html</code> will be translated to: <pre> UserDir public_html -> ~bob/public_html/one/two.html @@ -52,23 +76,28 @@ UserDir http://www.foo.com/users -> http//www.foo.com/users/bob/one/two.html UserDir http://www.foo.com/*/usr -> http://www.foo.com/bob/usr/one/two.html UserDir http://www.foo.com/~*/ -> http://www.foo.com/~bob/one/two.html </pre> - -<P> -<STRONG> -Be careful when using this directive; for instance, <SAMP>"UserDir -./"</SAMP> would map <SAMP>"/~root"</SAMP> to -<SAMP>"/"</SAMP> - which is probably undesirable. See also -the -<A - HREF="core.html#directory" -><Directory></A> -directive and the -<A - HREF="../misc/security_tips.html" ->Security Tips</A> -page for more information. -</STRONG> </P> +<BLOCKQUOTE> + <STRONG> + Be careful when using this directive; for instance, + <SAMP>"UserDir ./"</SAMP> would map + <SAMP>"/~root"</SAMP> to + <SAMP>"/"</SAMP> - which is probably undesirable. If you are + running Apache 1.3 or above, it is strongly recommended that your + configuration include a + "<SAMP>UserDir disabled root</SAMP>" declaration. + See also + the + <A + HREF="core.html#directory" + ><Directory></A> + directive and the + <A + HREF="../misc/security_tips.html" + >Security Tips</A> + page for more information. + </STRONG> +</BLOCKQUOTE> <!--#include virtual="footer.html" --> </BODY> |
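Review bot: In the security_tips.html hunk (@@ -170,7 +170,13 @@), the added recommendation is limited to "Apache 1.3 or above" and leaves readers on earlier releases with no guidance on the /~root mapping described in the sentence just before it. Add a sentence saying what they should do instead, or point to the compatibility note in mod_userdir.html. As a style point, the <DL> holds a lone <DD> with no <DT> and is used only for indentation; the mod_userdir.html change in this same commit uses <BLOCKQUOTE> for its callout, and using that here would be consistent.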
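Review bot: In the first mod_userdir.html hunk (@@ -33,13 +33,37 @@), the new list items refer to an "enabled clause" and a "disabled clause" without saying whether a clause is a separate UserDir line or can share a line with a directory pattern. State that explicitly and add a short example that combines a global disabled with an enabled list, since the precedence between the two is the security-relevant part of this change. The closing paragraph also spells the directive "Userdir" where the rest of the page uses "UserDir", and the added text uses <SAMP> for keywords while the surrounding lines use <code>.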
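Review bot: In the second mod_userdir.html hunk (@@ -52,23 +76,28 @@), the opening <P> in front of the warning is removed but the unchanged </P> after </pre> stays, so it now has to pair with the <P> added in the previous hunk, whose content runs into the <pre> block. A <pre> is block-level and ends the open paragraph, which leaves this </P> unmatched; drop it, or close the paragraph before <pre>. As a smaller point, the new text puts the quotes outside <SAMP> for "UserDir disabled root" but inside it for "UserDir ./"; pick one form.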