Re: OT - httpd/conf.d include questions - allowing only some addresses

[Robert Moskowitz <rgm@xxxxxxxxxxxxxxx>]

On 10/07/2014 11:22 AM, Johnny Hughes wrote:
> On 10/07/2014 08:47 AM, Robert Moskowitz wrote:
> > On 10/07/2014 09:32 AM, Valeri Galtsev wrote:
> > > On Tue, October 7, 2014 8:06 am, Robert Moskowitz wrote:
> > > > My web searching is not finding out the answers to this, so I turn to
> > > > you all here.
> > > >
> > > > I am trying to NOT modify my httpd/conf/httpd.conf file, and only make
> > > > changes via includes.  I have done that with a 00-init.conf where I set
> > > > things like servername and serveradmin.  Now I want to move my allow and
> > > > denies to a 01-allow.conf include.  I tried:
> > > >
> > > > <Directory "/var/www/html">
> > > >        Order allow,deny
> > > >        deny from all
> > > > </Directory>
> > > >
> > > > as that seems to be what is in the default conf, but I see in the
> > > > error_log:
> > > >
> > > > [Tue Oct 07 08:51:58 2014] [error] [client 208.83.67.156] Directory
> > > > index forbidden by Options directive: /var/www/html/
> > > For apache to automatically generate index, you need to gave the
> > > following
> > > directive:
> > >
> > >     Options Indexes
> > >
> > > If there is no such directive, and no index.html (or index.php, or
> > > whichever you described as index in config), you will get that error.
> > > Read
> > > on apache documentation to see how setting for diretory affect
> > > subdirectories.
> > Of course, if I am going to preempt the provided directory directive, I
> > have to have all the needed content.  So I tried:
> >
> > <Directory "/var/www/html">
> >      Options Indexes FollowSymLinks
> >      AllowOverride None
> >      Order deny,allow
> >      allow from 192.84.67.128/255.255.255.0
> >      deny from all
> > </Directory>
> >
> > where the allowed address is not mine, and I still get the default
> > access page.  Almost like the content later in the default httpd.conf is
> > overriding my include.
> >
> >
> > Or is it since I have no provided content, that default screen is coming
> > from somewhere else...
> >
> > No, I created a /var/www/html/index.html with only the line 'Hello
> > World', and it gets displayed.  So my deny,allow is not working...
> You did not (that I see) say what version of CentOS this is for.  The
> newer CentOS-7 apache uses different commands for this than CentOS-5 and
> CentOS-6.

Now THAT is something to watch out for...

Centos 6.

And it seems for IPv4 CIDR addresses you have to use net/mask, not net/bits.

192.84.67.128/255.255.255.192

not

192.84.67.128/26


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos