Deny/Allow directives within <Directory> have no effect

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

Securing a directory with Allow/Deny is supposedly 
something very simple, yet I have tried for quote a while now,
and seek help on the list. This is the setup:

I have an apache 2.2.8 on ubuntu 8.04.1 64bit, 
which is serving (and reverse proxying)
a number of pages/applications.

One of them is http://www/protected/, which is supposed 
to be accessible only from our site and a small number 
of collaborators. The <Directory> directives are below.
Despite Deny from all / Allow 192.168 it will still deliver content 
happily to outsiders, as the log shows:

141.x.x.x - - [23/Sep/2008:13:28:34 +0200] "GET /protected/index.html HTTP/1.0" 200 7675 "-" "Wget/1.11"

I thought from http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html
that the Allow/Deny can only be overridden in .htaccess, 
and I can't find any reference what other directives in the 
other configuration files could interfere with these.

The /usr/lib/apache2/modules/mod_authz_host.so
is loaded on startup.

Any ideas ?

Thanks in advance, 
Steffen


<Directory "/path/to/protected">
        Order deny,allow
        Allow from 192.168
        Deny from all
        AllowOverride All
        Options -Indexes
</Directory>
JkMount /protected/jsp/* tomcat_worker

ScriptAlias /protected/cgi-bin/ /path/to/protected/cgi-bin/"
<Directory "/path/to/protected/cgi-bin">
        Order deny,allow
        Allow from 192.168
        Deny from all
        AddHandler cgi-script .cgi
        Options +ExecCGI
</Directory>

In addition I have a file protected/.htaccess which does the rewriting 
for the pages which moved to tomcat, handled by the JkMount (see below) 

cat .htaccess
RewriteEngine on
RewriteRule ^Search.html$ jsp/Search.jsp

Although I can't see how this would interfere with allow/deny,
since the index.html is not covered by the rewriting.



-- 
IPB Halle                    AG Massenspektrometrie & Bioinformatik
Dr. Steffen Neumann          http://www.IPB-Halle.DE
Weinberg 3                   http://msbi.bic-gh.de
06120 Halle                  Tel. +49 (0) 345 5582 - 1470
                                  +49 (0) 345 5582 - 0
sneumann(at)IPB-Halle.DE     Fax. +49 (0) 345 5582 - 1409


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux