Re: Apache directory access & Suse AppArmor

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Eric said:
> <Directory "/images/">
> 
> This should be a physical on-disk directory, not a URL-path or a
> directory name under your document root. If there's no literal
> directory /images/ in your filesystem, this snippet configuration
> never applies.

On Wed, 2008-10-15 at 07:52 -0500, Yoom Nguyen wrote:
> Eric,
> 
> It seems if I enable /srv/www/domainroot/images/* via AppArmor then
> I don't even need to declare <Directory "/images/"> in Apache configuration file.  Is this true?
> 
> 
> I assume apache2 will not allow something like this?
> <Directory "/images/"> 
  <Directory "/srv/www/domainroot/images">
>       Options None
>       Order deny,allow
>       Deny from all
>       Allow from 172.24.16.0/255.255.248.0
>       Allow from 172.21.160.0/255.255.254.0
>       Allow from 65.123.86.50
>       Allow from 172.25.15.20
>       Allow from 172.25.15.21
> </Directory>
> 
> 
> 
> How can I protect an directory without using AppArmor?
> Can you provide some example please.
> 
> Thanks,
> Y

<Directory> adds permissions to actual physical on-disk directories.
<Location> adds permissions to URLs.

So if you access the file through the url
http://www.foo.com/images/foo.jpg , and the file foo.jpg is in the
folder /srv/www/domainroot/images , then you can achieve what you want
with either a <Location /images> or a
<Directory /srv/www/domainroot/images>. If you still don't get it, RTFM
a bit, this is all explained explicitly in there.

Tom

Attachment: signature.asc
Description: This is a digitally signed message part


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux