On 7/24/06, Chris Johnson <johnson@xxxxxxxxxxxxxxxxxxx> wrote:
Hey all,
Have a messy config question here.
Directory and Virtualhost seem to fire up what amounts to their
own ACLs, i.e. order, allow and deny. We just got hit last week by an
autamate that probed the server, found some forms and then submited a
bunch of them. Obviously we would very much like to block this
sillyness whenever possible.
I can set up an order/allow/deny set easily enough. The problem
comes when you're running a few Directory blocks as well as
virtualhosts. It gets really messy chasing down every ACL to update
them.
The first obvious solution is a common include file included in
each directory or virtualhost block where needed. That way everything
is in one file and it's easy to main the ACL.
But this sort of thing must be pretty common these days.
So, first question. Do Directory and Virtualhost blocks have
their own ACLs? Seem to from where I'm sitting.
They do, but they will inherit from the parent context when nothing is specified. See: http://httpd.apache.org/docs/2.2/sections.html#mergin
Second. Is there any other/better way to deal with this
annoyance? What do ohers do?
Use Order/Allow/Deny directives only where you need to change the permissions applied to a parent context. Otherwise, leave them out. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|