Deny all files in a certain directory using

Question

Im attempting to secure the mod_userdir module in apache..

Currently the directory structure for my users sites is

/home/{user}/domains/{domain}/public_html/site

The issue is, a number of my users store files that shouldnt be stored in the /domains/ directory (private files), but they do, and id rather work round it than make them move them.

Basically I have denied access to all directories in /{domain}/, except public_html, HOWEVER, files can still be viewed.

Here is my usermod.conf config.

<IfModule mod_userdir.c>
    UserDir /home/*/domains
    UserDir disabled root
    <Directory /home/*/domains/*/*>
            Order allow,deny
            Deny from all
    </Directory>

    <FilesMatch /home/*/domains/*/*>
            Order deny,allow
            Deny from all
    </FilesMatch>
    <Directory /home/*/domains/*/public_html>
            Order allow,deny
            Allow from all
    </Directory>

    <Directory /home/*/domains>
            AllowOverride FileInfo AuthConfig Limit Indexes
            Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
            <Limit GET POST OPTIONS>
                    Order allow,deny
                    Allow from all
            </Limit>
            <LimitExcept GET POST OPTIONS>
                    Order deny,allow
                    Deny from all
            </LimitExcept>
    </Directory>

You can see how I have tried to remove access to the files in /{domain}/ with , however this just isnt working.

Any help would be appreciated.

score 1 · Answer 1 · answered Jul 29 '11 at 18:28

1

Maybe your problem is in the FilesMatch directive; FilesMatch uses regex to match directives, therefore, to obtain what you want, you should write:

<FilesMatch "/home/.*/domains/.*/.*">
    Order deny,allow
    Deny from all
</FilesMatch>

answered Jul 29 '11 at 18:28

Marco Bizzarri

1,318
1
11
11

This did not work, for reference.. Here is an example of the directory of which the files I am trying to hide reside in http://109.224.135.26/~brad/bradleymorris.co.uk/ That maps to /home/brad/domains/bradleymorris.co.uk – Brad Morris Jul 29 '11 at 18:53

score 1 · Answer 2 · answered Jul 29 '11 at 19:48

I don't believe you can specify a path in any of the Files directives. And also it doesn't look like you really need the FilesMatch directive, as you aren't really using any complex pattern to require regex's. I usually put my Files directives inside the directory though to make it simple.

This seemed to work for me with a setup similar to yours. Under /var/www/domains there is 1/ 2/ and 3/ each with various html files. None are accessible now.

<Directory /var/www/domains/*/>
        Options None
        AllowOverride None
        Order Allow,Deny
        Deny from All
        <Files *>
                Order Allow,Deny
                Deny from All
        </Files>
</Directory>

Deny all files in a certain directory using

2 Answers2