Apache virtualhost order deny, allow works only on localhost; ignores public IP for allow

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

First time posting to the mail list- 
Environment:
RHEL6 
Apache v2.2 
UserDir configured/works great
SuExec configured/works great

I have restricted access to user directories as follows:

<Directory /home/*/public_html>
    Options MultiViews +ExecCGI
    AddHandler cgi-script .cgi .pl
    Order Deny,Allow
    Deny from All
</Directory>

An existing vhost with a FQDN works great. The big picture:

vhost block1: default site (/var/www)
vhost block 2: site that works great
vhost block 3: site that does not seem to obey order, deny,allow directives...

Blocks 2 and 3 are identical, except for the access directives and the various paths,etc.
For vhost 3, I want to allow access on the localhost, and, one IP from the Internet (redacted). Apache serves the site locally but, I can't access the site from the public  "xxx...." IP.  I'm using a physical path to test from the public IP as follows: xxx.xxx.xxx.xxx/~user/test/index.html

Here is vhost block 2, works great:
<VirtualHost *:80>
    ServerName user2Site
    ServerAlias user2Site
    DocumentRoot /home/user2/public_html/user2Site
    <IfModule mod_fcgid.c>
        SuexecUserGroup test test
        <Directory /home/user2/public_html/user2Site>
            Order Allow,Deny
            Allow from all
            Options +ExecCGI
            DirectoryIndex index.php index.html
            AllowOverride All
            AddHandler fcgid-script .php
            FcgiWrapper /var/www/php-fcgi-scripts/user2/php-fcgi-starter .php
        </Directory>
    </IfModule>
</VirtualHost>

Here is vhost block 3 site giving me problems:

<VirtualHost *:80>
    ServerName test
    ServerAlias test
    DocumentRoot /home/user3/public_html/test
    <IfModule mod_fcgid.c>
        SuexecUserGroup test test
        <Directory /home/user3/public_html/test>
            Order Deny,Allow
            Deny from all
            Allow from xxx.xxx.xxx.xxx 127
            Options +ExecCGI
            DirectoryIndex index.php index.html
            AllowOverride All
            AddHandler fcgid-script .php
            FcgiWrapper /var/www/php-fcgi-scripts/user3/php-fcgi-starter .php
        </Directory>
    </IfModule>
</VirtualHost>

I don't have a FQDN as yet, so I just made a entry in /etc/hosts as follows:
127.0.0.1 test

Here is an excerpt from the Apache error log: 
[Mon Jun 17 12:02:16 2013] [error] [client xxx.xxx.xxx.xxx] client denied by server configuration: /home/user3/public_html/test/index.html

I checked the suxec log and no errors are reported, the php starter script works as expected.

I've read the Apache docs and surfed the web a few days checking out other folks with similar problems. What am I missing?
-
Kirk Woellert

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux