On Sunday 03 January 2010 13:48:09 Eric Covener wrote:
> On Sun, Jan 3, 2010 at 1:24 PM, Daniel D Jones <ddjones@xxxxxxxxxxxxxxxx>
wrote:
> > I want this alias to take affect only under the SSL virtual host
> >
> > I could, of course, move the Alias and associated configs under the
> > <VirtualHost> section of 000-default, but that rather defeats the purpose
> > of having split config files.
Thanks for the assist.
> If you don't want to put the alias in the proper context (your own SSL
> VirtualHost), you can configure it globally and redirect to SSL in a
> <Directory> container:
> http://wiki.apache.org/httpd/RedirectSSL
Given:
Alias /blah /usr/share/blah
I was able to redirect by putting
Redirect permanent /blah https://www.mydomain.com/blah
in the global section of 000-default. (That is, it's under <VirtualHost *>
but not under a <Directory> container.) My first attempt was:
Redirect permanent /usr/share/blah https://www.mydomain.com/blah
Specifying the full path did not work. This seems a bit inconsistent, since
redirects under the DocumentRoot specify the full path, including the path to
the DocumentRoot.
This is acceptable but I'd prefer to just block access from http rather than
redirect. Neither of the following two approaches, placed under the default
<VirtualHost *>, worked:
<Directory /blah>
AllowOverride None
Order deny,allow
Deny from all
</Directory>
<Directory /usr/share/blah>
AllowOverride None
Order deny,allow
Deny from all
</Directory>
But the following:
<Directory /var/www/ssl>
AllowOverride None
Order deny,allow
Deny from all
</Directory>
where /var/www is the document root, does get denied from http.
> Split config files allow the packager to maintain a subset of your
> config files, and allow other packages to drop config files into place
> without editing existing files, but there's little cause for adding
> directives out of context to keep them tidy in some filesystem layout
> that Apache doesn't care about.
The conf.d file was installed by a package, and I'd prefer not to remove it if
possible so that future updates to the package won't be confused. I also think
split config files are easier to edit and maintain by hand but that's just a
matter of personal preference.
Out of curiosity, what are the advantages/disadvantages of using an alias to
redirect and simply creating a file link to the appropriate directory under
DocumentRoot? If I simply created a link /var/www/blah pointing to
/usr/share/blah, then I could use a <Directory> container to block access, as
is done with the /var/www/ssl directory above. I suspect that there are
security implications but it isn't clear to me what they are.
Thanks again for your time and effort.
--
"The most glorious moments in your life are not the so-called days of success,
but rather those days when out of dejection and despair you feel rise in you a
challenge to life, and the promise of future accomplishments." - Gustave
Flaubert
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|