Access control, VirtualHost & Apache 2.4

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dear group,

I finally started to migrate an Apache 2.2 config to 2.4. I've read the
migration document at
https://httpd.apache.org/docs/trunk/upgrading.html#run-time but I have a
hard time understanding the new access control model.

My config is mainly VirtualHost sections, in some of them I do have
Directory or Location directives, but others are pretty basic, for
example this one:

--
   <VirtualHost *:80>
      DocumentRoot "/webspace/example.org/blog"
      ServerName blog.example.org
      CustomLog /var/log/httpd/example-access.log combined
      ErrorLog /var/log/httpd/example-error.log
   </VirtualHost>
--

This used to work fine in 2.2 that way but in 2.4 I get an access denied
by default.

In my httpd.conf shipped by FreeBSD I see:

--
#
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
#
<Directory />
    AllowOverride none
    Require all denied
</Directory>
--

So my interpretation is that I have to explicitly allow access to any
other directory, even those in VirtualHost sections.

If I add

--
      <Directory "/">
        Require all granted
      </Directory>
--

This seems to work.

So I wonder what best practices is, should I add this to each
VirtualHost so the permission is explicitly set or would I change the
default access that currently denies it?

Or am I completely on the wrong track? I've tried to google a bit on the
topic but I could not find clear recommendations on how to handle it
with VirtualHost.

Any hints are welcome

Thanks

Adrian


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux