How to block certain file types from outside users in Sun Java System Web Server 6.1 SP9
Wednesday May 21, 2008
If you want to block certain file types, e.g. some .ini or .conf files, from outside access in Sun Java System Web Server 6.1 SP9, you can add a <Client> tag to obj.conf, e.g.
.....
NameTrans fn="document-root" root="$docroot"
<Client uri="*.(ini|conf)">
PathCheck fn=deny-existence bong-file="<web install root>/docs/bongfile.html"
</Client>
PathCheck fn="unix-uri-clean"
....
and the bong file contains:
shell> cat bongfile.html
You cannot view this type of files here !!!
If you do not specify "bong-file=" as above, users will get the standard "Not Found" error in their browser, e.g.
<Client uri="*.(ini|conf)">
PathCheck fn=deny-existence
</Client>
Then restart the web server and test, e.g.
http://<hostname.domain>/test.conf
or
http://<hostname.domain>/test.ini
will return the response set in bongfile.html, preventing users from accessing these ini/conf files.
Error log:
[21/May/2008:14:38:03] security (10791): for host xx.xx.xx.xx trying to GET /test.conf, deny-existence reports: HTTP4129: denying existence of <web root>/docs/test.conf
[21/May/2008:14:41:12] security (10791): for host xx.xx.xx.xx trying to GET /test.ini, deny-existence reports: HTTP4129: denying existence of <web root>/docs/test.ini
This adds a layer of protection for file types that you do not want outside users to access, even accidentally.
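The deny-existence entries in the error log can also be reviewed to see which clients keep requesting blocked files. The script below is an added example, not part of the original post: it parses lines in the format shown above and groups them by client host. The sample log, the function names and the threshold of 3 are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Format of the deny-existence entries shown in the error log above.
DENY_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] security \(\d+\): for host (?P<host>\S+) "
    r"trying to (?P<method>[A-Z]+) (?P<uri>\S+), deny-existence reports: "
    r"HTTP4129: denying existence of (?P<path>.+)$"
)

# Constructed sample log (documentation IP ranges, placeholder web root).
SAMPLE_LOG = """\
[21/May/2008:14:38:03] security (10791): for host 192.0.2.10 trying to GET /test.conf, deny-existence reports: HTTP4129: denying existence of <web root>/docs/test.conf
[21/May/2008:14:41:12] security (10791): for host 192.0.2.10 trying to GET /test.ini, deny-existence reports: HTTP4129: denying existence of <web root>/docs/test.ini
[21/May/2008:14:41:15] security (10791): for host 192.0.2.10 trying to GET /app/db.conf, deny-existence reports: HTTP4129: denying existence of <web root>/docs/app/db.conf
[21/May/2008:14:45:40] security (10791): for host 198.51.100.7 trying to GET /settings.ini, deny-existence reports: HTTP4129: denying existence of <web root>/docs/settings.ini
[21/May/2008:14:46:02] info (10791): constructed unrelated entry that must be skipped
"""

def parse_denials(text):
    """Return one dict per deny-existence entry; other lines are ignored."""
    events = []
    for line in text.splitlines():
        m = DENY_RE.match(line.strip())
        if m:
            event = m.groupdict()
            event["ts"] = datetime.strptime(event["ts"], "%d/%b/%Y:%H:%M:%S")
            events.append(event)
    return events

def summarize(events):
    """Group denied requests by client host: count, URIs, first/last seen."""
    hosts = defaultdict(lambda: {"count": 0, "uris": set(), "first": None, "last": None})
    for e in events:
        h = hosts[e["host"]]
        h["count"] += 1
        h["uris"].add(e["uri"])
        h["first"] = e["ts"] if h["first"] is None else min(h["first"], e["ts"])
        h["last"] = e["ts"] if h["last"] is None else max(h["last"], e["ts"])
    return dict(hosts)

def repeat_probers(summary, threshold=3):
    """Hosts with at least `threshold` denied requests (threshold is an assumption)."""
    return sorted(h for h, s in summary.items() if s["count"] >= threshold)

if __name__ == "__main__":
    report = summarize(parse_denials(SAMPLE_LOG))
    for host, s in sorted(report.items()):
        print(host, s["count"], sorted(s["uris"]), s["first"], s["last"])
    print("repeat probers:", repeat_probers(report))
```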










