logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Apache SSI
Author
rickwschneider



Joined: 23 Jan 2019
Posts: 7

PostPosted: Wed 23 Jan '19 1:12    Post subject: Apache SSI Reply with quote

I'll apologize in advance, I'm very new to Apache server administration.

We have an Apache server configured to allow server-sided includes with a file extension of .inc. However, we don't want people to be able to browse directly to the .inc files and view them.

Originally, what I did is add this directive to the directory config for the html root:

Code:

<Directory "/var/www/html">
        <FilesMatch "(^.+\.(inc)$)">
                Require all denied
        </FilesMatch>
</Directory>


It worked great, except now the server will not render the content from the .inc files at all. How can I:

A) Keep users from directly viewing the .inc files
-and-
B) Still allow them to be processed as server-sided includes and have their content provided to the web viewers

Thanks in advance,
Rick
Back to top
timo



Joined: 03 Jun 2012
Posts: 45
Location: FI, EU

PostPosted: Wed 23 Jan '19 19:31    Post subject: Re: Apache SSI Reply with quote

Have you tried rewriting?
https://stackoverflow.com/questions/24408307/how-to-disable-server-side-includes-ssi-using-htaccess
Back to top
rickwschneider



Joined: 23 Jan 2019
Posts: 7

PostPosted: Thu 24 Jan '19 18:42    Post subject: Reply with quote

Thanks for your response.

I took a look at that article and put in a similar rule, but it had the same results as if I had forbidden the file extension within the main httpd.conf file.

Any other thoughts?
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Fri 25 Jan '19 4:12    Post subject: Reply with quote

Code:
<Files ~ "\.inc$">
    <If "(%{SERVER_PROTOCOL} == 'INCLUDED')">
        Require all granted
    </If>
    <Else>
        Require all denied
    </Else>
</Files>

Works for me
Back to top
rickwschneider



Joined: 23 Jan 2019
Posts: 7

PostPosted: Fri 25 Jan '19 18:57    Post subject: Reply with quote

Awesome, that worked like a charm. Thanks so much!
Back to top


Reply to topic   Topic: Apache SSI View previous topic :: View next topic
Post new topic   Forum Index -> Apache