Re: issues with <Directory> control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

--- Joshua Slive <joshua@xxxxxxxx> wrote:

> On 5/29/07, Pedro LaWrench <pedrolawrench@xxxxxxxxx> wrote:
> > In my main server, I allow all with
> > <Directory /mydocs>
> > Order allow,deny
> > Allow all
> > </Directory>
> >
> > Then in a virtual server (different port) I have
> > <Directory />
> > Order deny,allow
> > Allow from 10.1.2.3
> > Deny from all
> > </Directory>
> >
> > Yet, it appears that all hosts can access /mydocs through the virtual
> server.
> > Even with a deny for / in a virtual server config, is it true that more
> > specific directory entries *outside* the virtual server config will still
> be in
> > effect and take precedence?
> 
> Yes. For each directory, apache checks first for <Directory> sections
> outside vhosts then for <directory> sections inside vhosts. It does
> not apply all outside <directory> sections followed by all inside
> <directory> sections.
> 
> Joshua.
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> 
> 

Thanks, that is consistent with what I am seeing, though it seems a tad
dangerous.  (Looking only at the vhost config, one might believe that
everything from / on down is restricted.)  I suppose if you are using vhosts,
you should only use directory controls within them, and not put any in the main
server that may have unintended consequences.

PL


       
____________________________________________________________________________________Sick sense of humor? Visit Yahoo! TV's 
Comedy with an Edge to see what's on, when. 
http://tv.yahoo.com/collections/222

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux