logo
Apache Lounge
Webmasters

 


About

Forum Index Downloads Search Register Log in  RSS Apache Lounge
 


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Apache Lounge is not sponsored.

Your donations will help to keep this site alive and well, and continuing building binaries.



Apache SSI

 
Post new topic   Reply to topic    Apache Forum Index -> Apache



View previous topic :: View next topic  
Author Message
rickwschneider



Joined: 23 Jan 2019
Posts: 3

PostPosted: Wed 23 Jan '19 1:12    Post subject: Apache SSI Reply with quote

I'll apologize in advance, I'm very new to Apache server administration.

We have an Apache server configured to allow server-sided includes with a file extension of .inc. However, we don't want people to be able to browse directly to the .inc files and view them.

Originally, what I did is add this directive to the directory config for the html root:

Code:

<Directory "/var/www/html">
        <FilesMatch "(^.+\.(inc)$)">
                Require all denied
        </FilesMatch>
</Directory>


It worked great, except now the server will not render the content from the .inc files at all. How can I:

A) Keep users from directly viewing the .inc files
-and-
B) Still allow them to be processed as server-sided includes and have their content provided to the web viewers

Thanks in advance,
Rick
Back to top
timo



Joined: 03 Jun 2012
Posts: 31
Location: FI, EU

PostPosted: Wed 23 Jan '19 19:31    Post subject: Re: Apache SSI Reply with quote

Have you tried rewriting?
https://stackoverflow.com/questions/24408307/how-to-disable-server-side-includes-ssi-using-htaccess
Back to top
rickwschneider



Joined: 23 Jan 2019
Posts: 3

PostPosted: Thu 24 Jan '19 18:42    Post subject: Reply with quote

Thanks for your response.

I took a look at that article and put in a similar rule, but it had the same results as if I had forbidden the file extension within the main httpd.conf file.

Any other thoughts?
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2181
Location: Sun Diego, USA

PostPosted: Fri 25 Jan '19 4:12    Post subject: Reply with quote

Code:
<Files ~ "\.inc$">
    <If "(%{SERVER_PROTOCOL} == 'INCLUDED')">
        Require all granted
    </If>
    <Else>
        Require all denied
    </Else>
</Files>

Works for me
Back to top
rickwschneider



Joined: 23 Jan 2019
Posts: 3

PostPosted: Fri 25 Jan '19 18:57    Post subject: Reply with quote

Awesome, that worked like a charm. Thanks so much!
Back to top


Post new topic   Reply to topic    Apache Forum Index -> Apache
Page 1 of 1