|
No problem Vern, I appreciate the info. I'm still of the opinion that the AliasMatch ^/(.*) /$1 was added to the conf by the installation of software not someone manually adding it into the conf...but...what would removing it do? Here's the statements;
Browse : /www/apache/conf/httpd.conf
AliasMatch ^/(.*) /$1
Alias /legasuite/ /LEGASUITE/
Alias /legasuitenew/ /LEGASUITENEW/
AliasMatch ^/AL3DOWN/(.*) /AL3DOWN/$1
Alias /legasuiteo/ /LEGASUITEO/
# DirShowByte On
# DirShowDescription 25
# DirShowMaxLen 15
# DirShowMinLen 15
# UseACLs protectonly
# HostName 172.18.3.254
************End of Data********************
-----Original Message-----
From: Vernon Hamberg <vhamberg@xxxxxxxxxxxxxxx>
To: Web Enabling the IBM i (AS/400 and iSeries) <web400@xxxxxxxxxxxx>
Sent: Tue, Jan 29, 2013 12:40 pm
Subject: Re: [WEB400] AliasMatch ^/(.*) /$1
Hi Frank
Sorry for any confusion.
One thing I know is, there are no default AliasMatch directives when a
erver instance is created using the admin browser interface.
So I don't know why it's there - it still strikes me as a possible
ecurity hole. Of course, security is established in each <directory>
irective, and this doesn't expose anything until you specify those
ontainers (that's what it's called, right? when you use the <directory?
hing).
So maybe it's a convenience to be able easily to add access to folders
utside of DocumentRoot - I used an AliasMatch root in the Apache server
unning on my PC to point to a directory on an entirely different drive.
Vern
On 1/29/2013 10:00 AM, fbocch2595@xxxxxxx wrote:
Hi Vern, that's confusing but...a lot of the server stuff is...but it all
eems to work. My guess is that the statement AliasMatch ^/(.*) /$1 is in all
ur /www/apache/conf/httpd.conf's because it's a default and also the same with
Allow From all" which I see several times in teh conf and I'm assuming that's
he default too.
Thanks for the info, Frank
-----Original Message-----
From: Vernon Hamberg <vhamberg@xxxxxxxxxxxxxxx>
To: Web Enabling the IBM i (AS/400 and iSeries) <web400@xxxxxxxxxxxx>
Sent: Mon, Jan 28, 2013 4:13 pm
Subject: Re: [WEB400] AliasMatch ^/(.*) /$1
Frank
As far as I know, this is weird - it has this effect -
The regular expression that defines the match is (.*) - this means any
haracter (the dot) repeated (the asterisk) will be saved as a value
hat can be used later in the expression (the parentheses) and it is the
irst one, so that replacement marker will be $1.
The caret means the end of the URL including port, maybe - actually the
eginning of what follows that - weird way to describe - sorry.
So this means that if you put the word home at the end of a URL, as here -
http://some.url.com:port/home
it will try to work with things in the
/home
directory in the IFS.
But then you either need a container (<directory> directive) for either
he root of the IFS or for the home directory, to define access to
ontents of that directory - but this is ultra generic - that's why I
hink it's weird. Maybe even a security issue, but I'm not sure of that.
Is there also in the httpd.conf a <directory> entry that looks like
<directory />
and is there an "allow all" in there?
If so, it's a gaping hole, again, so far as I know!!
Now the web admin would NOT put this in on its own, that I know of.
That's all I know on a Monday.
HTH
ern
On 1/28/2013 1:19 PM, fbocch2595@xxxxxxx wrote:
Hi Folks, I'm working with biz partners who are asking me how AliasMatch
/(.*) /$1
got in /www/apache/conf/httpd.conf. I'm assuming that AliasMatch ^/(.*) /$1
as added by the OS (licpgm's?)...is that true? If anyone want to explain what
he AliasMatch ^/(.*) /$1 statement is plz do but not necessary. We don't use
lias names as far as I know since the server properties don't show AliasMatch
/(.*) /$1 on any of the screens except as an example, when I view my servers
ia http://172.1.1.111:2001/HTTPAdmin
Is it typical to have /www/apache/conf/httpd.conf contain AliasMatch ^/(.*)
$1?
Thanks, Frank
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.