Re: Apache directory access & Suse AppArmor

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Eric,

It seems if I enable /srv/www/domainroot/images/* via AppArmor then
I don't even need to declare <Directory "/images/"> in Apache configuration file.  Is this true?


I assume apache2 will not allow something like this?
<Directory "/images/"> 
      Options None
      Order deny,allow
      Deny from all
      Allow from 172.24.16.0/255.255.248.0
      Allow from 172.21.160.0/255.255.254.0
      Allow from 65.123.86.50
      Allow from 172.25.15.20
      Allow from 172.25.15.21
</Directory>



How can I protect an directory without using AppArmor?
Can you provide some example please.

Thanks,
Y





----- Original Message -----
From: "Eric Covener" <covener@xxxxxxxxx>
To: users@xxxxxxxxxxxxxxxx
Sent: Wednesday, October 15, 2008 10:53:38 PM (GMT-0500) America/New_York
Subject: Re:  Apache directory access & Suse AppArmor

On Wed, Oct 15, 2008 at 7:53 AM, Yoom Nguyen <yoom@xxxxxxxxxxxxxx> wrote:
> Can anyone tell me what is the different between Apache2 directory access as
> compare to AppArmor come with SuSE?

They're independent, and you need to satisfy both to successfully
serve a file. Just like Apache config and traditional filesystem
permissions.


> <Directory "/images/">

This should be a physical on-disk directory, not a URL-path or a
directory name under your document root. If there's no literal
directory /images/ in your filesystem, this snippet configuration
never applies.

-- 
Eric Covener
covener@xxxxxxxxx

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux