mod_suffix 20001002 review
Downloadmod_suffix will grant access to files on the webserver based on their suffix. If you're working on a large website and you're edit
|
|
mod_suffix will grant access to files on the webserver based on their suffix.
If you're working on a large website and you're editing your files in place you might be confronted with a lot of backup files that various editors leave behind - like index.html~ (Emacs) or index.html.bak (UltraEdit).
This can be a problem if you're using server-side scripting languages like Embperl or PHP: Malicious users might try to open foobar.php.bak instead of foobar.php and peek at your code to see things they shouldn't see (like bad programming style or - even worse - the password to your database).
mod_suffix tries to solve this problem by blocking access to all files that do not end with a pre-defined suffix. This might seem paranoid but at least it is a rather fast and secure method. Also, it should be flexible enough for most cases.
Requirements:
mod_suffix has been tested successfully with Apache 1.3.9 on FreeBSD 3.3 and Apache 1.3.12 on Linux 2.2.14 but I think it should work with all recent Apache releases and on all supported platforms. Please let me know about your attempts (whether successful or not) with other operating systems or other versions of Apache.
You'll need a working C compiler and its associated utilities, of course. If you've built your Apache from a source distribution you almost certainly have one...
Installation:
There are at least two ways to install this module. Which one is appropriate depends on your Apache installation.
The easy way: If your Apache is compiled with support for dynamically loadable modules (also called DSO support), you'll just have to find out where apxs is located. Go to the directory where you unpacked the mod_suffix.c source file and let apxs do the work: /usr/local/apache/bin/apxs -c -i -a mod_suffix.c
This will build mod_suffix.so as a shared object (the -c option), install the module in the right place (-i) and add the LoadModule directive to your httpd.conf file (-a). See the apxs manual page for details about these and other command line options.
If you don't know if you have DSO support, don't worry - apxs will complain in case you haven't. You can also check beforehand by letting Apache list all compiled-in modules with httpd -l. If mod_so.c is one of them, you're lucky.
The hard way: Without DSO support you will have to rebuild Apache to use mod_suffix. (You might consider building it with DSO support this time...) Create a new directory like, say, site underneath the src/modules directory in Apache's source tree and put the mod_suffix.c file there. Now configure Apache with
./configure --activate-module=src/modules/site/mod_suffix.c
--enable-module=suffix
and don't forget the other configuration options that you need. You can now build and install a new httpd as usual.
mod_suffix 20001002 keywords