Current time: 12-23-2024, 09:31 PM Hello There, Guest! (LoginRegister)


Post Reply 
ProFTPd: PathDenyFilter doesn't work
Author Message
FeG Offline
Banned

Posts: 222
Joined: Aug 2007
Post: #1
ProFTPd: PathDenyFilter doesn't work
Hi all,

I'm running ispCP RC6 on a dedicated server and have updated ispCP from RC2c on. I've found out, that the proftpd.conf hasn't been updated correctly on some upgrade so I've manually copied the current proftpd.conf from svn.

Everything's working fine beside one thing: The setting
Code:
# But not to overwrite ispCP Standard directories.
<Directory ~/>
  PathDenyFilter "^/(backups|cgi-bin|htdocs|errors|logs|phptmp|statistics)/?$"
</Directory>

doesn't work. I can do the following using my FTP-Account:
Code:
ftp> rmdir cgi-bin
250 RMD command successful
ftp> mkdir cgi-bin
257 "/cgi-bin" - Directory successfully created

I don't know what might cause this problem.. but maybe some of you know Smile

Regards
FeG
10-06-2008 08:03 PM
Find all posts by this user Quote this message in a reply
sci2tech Away
Senior Member
****

Posts: 1,285
Joined: Jan 2007
Reputation: 23
Post: #2
RE: ProFTPd: PathDenyFilter doesn't work
Code:
ftp> rmdir cgi-bin
250 RMD command successful
ftp> mkdir cgi-bin
257 "/cgi-bin" - Directory successfully created
If you try rmdir /cgi-bin it wont work because regexp expect that first character is /. If you drop this character it wont work rmdir cgi-bin but it will work rmdir /cgi-bin. if you put a ? after / (PathDenyFilter "^/?(backups| ) none of this will work.
But consider that one user have a cgi-bin (or more usual a logs dir) in other folder. Then he will be able to delete only with rmdir /path/to/folder/cgi-bin but not with
cd /path/to/folder
rmdir cgi-bin
Use version that suit your need Smile . Or wait until http://www.isp-control.net/ispcp/ticket/1080 is fixed.
(This post was last modified: 10-07-2008 02:04 AM by sci2tech.)
10-07-2008 02:03 AM
Visit this user's website Find all posts by this user Quote this message in a reply
FeG Offline
Banned

Posts: 222
Joined: Aug 2007
Post: #3
RE: ProFTPd: PathDenyFilter doesn't work
(10-07-2008 02:03 AM)sci2tech Wrote:  If you try rmdir /cgi-bin it wont work because regexp expect that first character is /. If you drop this character it wont work rmdir cgi-bin but it will work rmdir /cgi-bin. if you put a ? after / (PathDenyFilter "^/?(backups| ) none of this will work.
But consider that one user have a cgi-bin (or more usual a logs dir) in other folder. Then he will be able to delete only with rmdir /path/to/folder/cgi-bin but not with
cd /path/to/folder
rmdir cgi-bin
Use version that suit your need Smile . Or wait until http://www.isp-control.net/ispcp/ticket/1080 is fixed.

You're right, rmdir /cgi-bin is not allowed, but then why is this filter in the current code? ...

@ticket 1080 : I thought beside of subdomains this was already included
Quote:03/31/08 09:23:37 changed by rats

* milestone changed from ispCP ω 1.0.0 - RC5 to ispCP ω 1.0.0.

Cube's fix will be in r1089. For subdomains -> moved to another release

So anyway, thanks for your response Smile this isn't really important for me, so I'll wait for another/a better solution...

Regards
FeG
10-07-2008 02:41 AM
Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)