Eric said: > <Directory "/images/"> > > This should be a physical on-disk directory, not a URL-path or a > directory name under your document root. If there's no literal > directory /images/ in your filesystem, this snippet configuration > never applies. On Wed, 2008-10-15 at 07:52 -0500, Yoom Nguyen wrote: > Eric, > > It seems if I enable /srv/www/domainroot/images/* via AppArmor then > I don't even need to declare <Directory "/images/"> in Apache configuration file. Is this true? > > > I assume apache2 will not allow something like this? > <Directory "/images/"> <Directory "/srv/www/domainroot/images"> > Options None > Order deny,allow > Deny from all > Allow from 172.24.16.0/255.255.248.0 > Allow from 172.21.160.0/255.255.254.0 > Allow from 65.123.86.50 > Allow from 172.25.15.20 > Allow from 172.25.15.21 > </Directory> > > > > How can I protect an directory without using AppArmor? > Can you provide some example please. > > Thanks, > Y <Directory> adds permissions to actual physical on-disk directories. <Location> adds permissions to URLs. So if you access the file through the url http://www.foo.com/images/foo.jpg , and the file foo.jpg is in the folder /srv/www/domainroot/images , then you can achieve what you want with either a <Location /images> or a <Directory /srv/www/domainroot/images>. If you still don't get it, RTFM a bit, this is all explained explicitly in there. Tom
Attachment:
signature.asc
Description: This is a digitally signed message part
|