Hi Frank

I wouldn't remove it now - someone else may have more to weigh in.

The security is set in individual directory sections, so this probably isn't any problem - just strange in my limited experience.

It does tell the apache server to work with any IFS directory a person happens to put at the end of the URL in the browser, if there is a directory section for that. Or for any file whatsoever, so long as its parent directory is specified in a <directory>

An example - the URL could be http://your-ip:some-port/qsys.lib/somelib.lib/somepgm.pgm

It's try to execute the program SOMEPGM in library SOMELIB, I think - please, someone else confirm this!!

Of course, user permissions apply - and there'd have to be a directive like this -

<directory /QSYS.LIB/SOMELIB.LIB>

with allow all kinds of directives.

Again, it LOOKS weird, but I have only enough experience to say that!

HTH
Vern

On 1/30/2013 9:35 AM, fbocch2595@xxxxxxx wrote:
Hi Vern, I'm definitely not beyond your knowledge and that was just the end of the conf and isn't the AliasMatch simply pointing to /LEGASUITE when /legasuite is specified? I don't think it s/b removed but if it's presenting a security risk I wonder what removing it would do.
Thanks, Frank












-----Original Message-----
From: Vernon Hamberg <vhamberg@xxxxxxxxxxxxxxx>
To: Web Enabling the IBM i (AS/400 and iSeries) <web400@xxxxxxxxxxxx>
Sent: Wed, Jan 30, 2013 10:06 am
Subject: Re: [WEB400] AliasMatch ^/(.*) /$1


Frank
You have me smiling as I think you're beyond my knowledge now. Is this
he whole config file? If so, it looks like allowing directory listings
rom wherever and specifically for some - but i think you need an
options +indexes" at the global level, or in specific containers.
Just guessing. And yes, something has done this automagically. The
onfig I put together for the WebDocs product had specific stuff in it,
nd there was a command to do all the work.
Vern
On 1/30/2013 8:18 AM, fbocch2595@xxxxxxx wrote:
No problem Vern, I appreciate the info. I'm still of the opinion that the
liasMatch ^/(.*) /$1 was added to the conf by the installation of software not
omeone manually adding it into the conf...but...what would removing it do?
ere's the statements;

Browse : /www/apache/conf/httpd.conf

AliasMatch ^/(.*) /$1
Alias /legasuite/ /LEGASUITE/
Alias /legasuitenew/ /LEGASUITENEW/
AliasMatch ^/AL3DOWN/(.*) /AL3DOWN/$1
Alias /legasuiteo/ /LEGASUITEO/
# DirShowByte On
# DirShowDescription 25
# DirShowMaxLen 15
# DirShowMinLen 15
# UseACLs protectonly
# HostName 172.18.3.254
************End of Data********************



-----Original Message-----
From: Vernon Hamberg <vhamberg@xxxxxxxxxxxxxxx>
To: Web Enabling the IBM i (AS/400 and iSeries) <web400@xxxxxxxxxxxx>
Sent: Tue, Jan 29, 2013 12:40 pm
Subject: Re: [WEB400] AliasMatch ^/(.*) /$1


Hi Frank
Sorry for any confusion.
One thing I know is, there are no default AliasMatch directives when a
erver instance is created using the admin browser interface.
So I don't know why it's there - it still strikes me as a possible
ecurity hole. Of course, security is established in each <directory>
irective, and this doesn't expose anything until you specify those
ontainers (that's what it's called, right? when you use the <directory?
hing).
So maybe it's a convenience to be able easily to add access to folders
utside of DocumentRoot - I used an AliasMatch root in the Apache server
unning on my PC to point to a directory on an entirely different drive.
Vern
On 1/29/2013 10:00 AM, fbocch2595@xxxxxxx wrote:
Hi Vern, that's confusing but...a lot of the server stuff is...but it all
eems to work. My guess is that the statement AliasMatch ^/(.*) /$1 is in all
ur /www/apache/conf/httpd.conf's because it's a default and also the same with
Allow From all" which I see several times in teh conf and I'm assuming that's
he default too.
Thanks for the info, Frank

-----Original Message-----
From: Vernon Hamberg <vhamberg@xxxxxxxxxxxxxxx>
To: Web Enabling the IBM i (AS/400 and iSeries) <web400@xxxxxxxxxxxx>
Sent: Mon, Jan 28, 2013 4:13 pm
Subject: Re: [WEB400] AliasMatch ^/(.*) /$1


Frank
As far as I know, this is weird - it has this effect -
The regular expression that defines the match is (.*) - this means any
haracter (the dot) repeated (the asterisk) will be saved as a value
hat can be used later in the expression (the parentheses) and it is the
irst one, so that replacement marker will be $1.
The caret means the end of the URL including port, maybe - actually the
eginning of what follows that - weird way to describe - sorry.
So this means that if you put the word home at the end of a URL, as here -
http://some.url.com:port/home
it will try to work with things in the
/home
directory in the IFS.
But then you either need a container (<directory> directive) for either
he root of the IFS or for the home directory, to define access to
ontents of that directory - but this is ultra generic - that's why I
hink it's weird. Maybe even a security issue, but I'm not sure of that.
Is there also in the httpd.conf a <directory> entry that looks like
<directory />
and is there an "allow all" in there?
If so, it's a gaping hole, again, so far as I know!!
Now the web admin would NOT put this in on its own, that I know of.
That's all I know on a Monday.
HTH
ern
On 1/28/2013 1:19 PM, fbocch2595@xxxxxxx wrote:

Hi Folks, I'm working with biz partners who are asking me how AliasMatch
/(.*) /$1
got in /www/apache/conf/httpd.conf. I'm assuming that AliasMatch ^/(.*)
$1
as added by the OS (licpgm's?)...is that true? If anyone want to explain
hat
he AliasMatch ^/(.*) /$1 statement is plz do but not necessary. We don't
se
lias names as far as I know since the server properties don't show
liasMatch
/(.*) /$1 on any of the screens except as an example, when I view my servers
ia http://172.1.1.111:2001/HTTPAdmin
Is it typical to have /www/apache/conf/httpd.conf contain AliasMatch
/(.*)
$1?

Thanks, Frank




As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.