On Wed, Oct 15, 2008 at 8:52 AM, Yoom Nguyen <yoom@xxxxxxxxxxxxxx> wrote: > Eric, > > It seems if I enable /srv/www/domainroot/images/* via AppArmor then > I don't even need to declare <Directory "/images/"> in Apache configuration file. Is this true? It's true that making the files unreadable via the OS prevents Apache from reading them. > > > I assume apache2 will not allow something like this? > <Directory "/images/"> > Options None > Order deny,allow > Deny from all > Allow from 172.24.16.0/255.255.248.0 > Allow from 172.21.160.0/255.255.254.0 > Allow from 65.123.86.50 > Allow from 172.25.15.20 > Allow from 172.25.15.21 > </Directory> You still have "/images/" instead of "/srv/www/domainroot/images/" so I suspect this stanza doesn't do anything. You can use multiple Allow directives. They're largely irrelevant if you've configured the OS to not permit Apache to read the files. > How can I protect an directory without using AppArmor? > Can you provide some example please. http://httpd.apache.org/docs/2.2/sections.html http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html Your default config likely has examples. -- Eric Covener covener@xxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx