View previous topic :: View next topic |
Author |
Message |
fhutt -
Joined: 14 Jul 2019 Posts: 43
|
Posted: Sun Jul 14, 2019 12:34 pm Post subject: How to block subdirectory entry with URL |
|
|
Hello,
I am new to Abyss. It looks great and simple enough for me to make it work.
I don't want access to subdirectories with the URL.
As an example, http://dir.domain.org:90 is OK since I want the requests to go to port 90 but I want to block http://dir.domain.org:90/subdir/index.htm.
Is there a way to this?
Thanks |
|
Back to top |
|
|
admin Site Admin
Joined: 03 Mar 2002 Posts: 1298
|
Posted: Fri Jul 19, 2019 7:26 pm Post subject: Re: How to block subdirectory entry with URL |
|
|
fhutt wrote: | Hello,
I am new to Abyss. It looks great and simple enough for me to make it work.
I don't want access to subdirectories with the URL.
As an example, http://dir.domain.org:90 is OK since I want the requests to go to port 90 but I want to block http://dir.domain.org:90/subdir/index.htm.
Is there a way to this?
Thanks |
Do you want to block all subdirectories? Or is there a list of subdirectories that should be blocked only? _________________ Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com |
|
Back to top |
|
|
fhutt -
Joined: 14 Jul 2019 Posts: 43
|
Posted: Fri Jul 19, 2019 10:27 pm Post subject: |
|
|
All subdirectories and by the way all files in the root directory also. |
|
Back to top |
|
|
pkSML -
Joined: 29 May 2006 Posts: 952 Location: Michigan, USA
|
Posted: Sat Jul 20, 2019 3:29 am Post subject: |
|
|
I'm a little stumped as to why you'd run a server if you're blocking all requests to files that exist except for a single page. But if that's what you want, you could use URL rewriting for this purpose.
That regex is:
If you just want people to access the URL http://dir.domain.org:90, then the HTTP request will be a simple slash, e.g. /
So this regex says begin with ( ^ ) a slash ( / ) followed by any character ( . ) repeated at least one time up to any number of times {1,}. (You could leave off the $ at the end if you want to. It shouldn't make any difference.)
In practice, this will match any URL except http(s)://dir.domain.org:90 and send them an HTTP 403 Forbidden message.
_________________ Stephen
Need a LitlURL?
http://CodeBin.yi.org |
|
Back to top |
|
|
fhutt -
Joined: 14 Jul 2019 Posts: 43
|
Posted: Sat Jul 20, 2019 9:12 am Post subject: |
|
|
Thank you for the detailed response.
You are right, I do not want to prevent all access to files and directories.
I just want to prevent someone entering a MyURL/dir/file.htm and access that file.
I just want the remote browser to have access to all my files and directories from links and references from inside my web pages. Not at random from an external browser.
In fact I would like to block the file and directory accessed being viewed on the address bar of an external browser. I have a free web hosting site that does this by default so it must be possible. It just shows the MyURL by itself and nothing else. |
|
Back to top |
|
|
pkSML -
Joined: 29 May 2006 Posts: 952 Location: Michigan, USA
|
Posted: Sun Jul 21, 2019 6:50 pm Post subject: |
|
|
This is almost possible, but not fool-proof.
FYI: When you click on a link from your page, the browser sends an HTTP header called REFERER with the value of the URL of your homepage.
The referer header is able to be spoofed with trivial effort. Or some privacy-concerned users may configure their browser to never send referer headers. So you may introduce issues with your website to a small amount of visitors.
Nevertheless, if you want to rely on the REFERER header,
- Go to the Abyss console
- Click 'Configure' on the appropriate host
- Click on 'Anti-Leeching'
- For *each* directory you want to disable direct access, you must add it into the 'Anti-Leeching Scope'.
- The redirect URL is where you want to send people who don't send a referer that matches your website.
- Check the box 'Refuse requests with no referer header'. This will stop direct access in its tracks.
Note that Anti-Leeching will still allow a link on /somedir/somefile.htm to link to /somewhere_else/another_file.htm without going to it from the homepage. _________________ Stephen
Need a LitlURL?
http://CodeBin.yi.org |
|
Back to top |
|
|
fhutt -
Joined: 14 Jul 2019 Posts: 43
|
Posted: Sun Jul 21, 2019 11:05 pm Post subject: |
|
|
It appears to be fairly complicated in my situation. I have a large number of folders and subfolders. So entering each one manually, without mistake would be almost impossible.
The main reason I would have wanted this is because I have a Username Password entry page for my index.file. From here the user is sent to a selection page and from there to their particular page of interest. If the final page location can be seen in the address bar, then next time they want to access that page they just have to enter that final page location into their browser and bypass the index page. Of course they could give a link with that address to anyone and they could access the page without a username and password. Of course I would like to prevent this.
Is there some other method to achieve this? |
|
Back to top |
|
|
fhutt -
Joined: 14 Jul 2019 Posts: 43
|
Posted: Mon Jul 22, 2019 8:46 am Post subject: |
|
|
I think I found a solution.
I worked out how set up Passwrds in Abyss.
Now that Abyss issues a Username and Password request, how will my Let's Encrypt certificate be renewed? How will their website obtain access to my website without the Username and Password I set? |
|
Back to top |
|
|
pkSML -
Joined: 29 May 2006 Posts: 952 Location: Michigan, USA
|
Posted: Wed Jul 24, 2019 12:27 am Post subject: |
|
|
fhutt wrote: | I think I found a solution.
I worked out how set up Passwrds in Abyss.
Now that Abyss issues a Username and Password request, how will my Let's Encrypt certificate be renewed? How will their website obtain access to my website without the Username and Password I set? |
OK great!
You don't have to worry about your certificates with password-protected sites. I have one also and Abyss renews it without problem. _________________ Stephen
Need a LitlURL?
http://CodeBin.yi.org |
|
Back to top |
|
|
fhutt -
Joined: 14 Jul 2019 Posts: 43
|
Posted: Wed Jul 24, 2019 12:41 am Post subject: |
|
|
Now that the Username and Password system from Abyss is working, I have to change my index file. But, this is trivial and almost finished. Having the website encrypted makes the site more private. Being able to access individual files from the address bar is also ok since a username and password will be required.
I am just about there now.
Stephen, Thank you so much for your help. |
|
Back to top |
|
|
pkSML -
Joined: 29 May 2006 Posts: 952 Location: Michigan, USA
|
Posted: Wed Jul 24, 2019 12:58 am Post subject: |
|
|
fhutt wrote: | Now that the Username and Password system from Abyss is working, I have to change my index file. But, this is trivial and almost finished. Having the website encrypted makes the site more private. Being able to access individual files from the address bar is also ok since a username and password will be required.
I am just about there now.
Stephen, Thank you so much for your help. |
You're welcome! Glad you're getting the hang of things. _________________ Stephen
Need a LitlURL?
http://CodeBin.yi.org |
|
Back to top |
|
|
|