You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Brandon Phelps <bp...@gls.com> on 2011/09/29 23:24:55 UTC

[users@httpd] Quick Allow/Deny Question

Hello all,

I am a bit confused regarding the difference between:

         <Directory />
                 Options FollowSymLinks
                 AllowOverride None
         </Directory>

and:

         <Directory /var/www/>
                 Options Indexes FollowSymLinks MultiViews
                 AllowOverride None
                 Order allow,deny
                 allow from all
         </Directory>

I am trying to lock down the server to only allow connections from my local subnet, so should I place these Order/Allow/Deny statements in the / directory block, or the /var/www?

Thanks!

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Quick Allow/Deny Question

Posted by Pete Houston <ph...@openstrike.co.uk>.

You can always Alias or ScriptAlias outside the DocumentRoot. Igor's
advice is correct.

Pete

On Fri, Sep 30, 2011 at 09:14:00AM -0400, Brandon Phelps wrote:
> I guess I am just a little confused as to why there is a <Directory /> at all?  If my DocumentRoot is set to /var/www then wouldn't that prevent anyone from accessing anything above /var/www in the directory structure anyway, thus making the <Directory /> kind of pointless?
> 
> On 09/29/2011 06:44 PM, Igor Cicimov wrote:
> >Your root directory / should always be Deny from all. Then you allow access to other directories per need.

-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107

Re: [users@httpd] Quick Allow/Deny Question

Posted by Brandon Phelps <bp...@gls.com>.

I guess I am just a little confused as to why there is a <Directory /> at all?  If my DocumentRoot is set to /var/www then wouldn't that prevent anyone from accessing anything above /var/www in the directory structure anyway, thus making the <Directory /> kind of pointless?

On 09/29/2011 06:44 PM, Igor Cicimov wrote:
> Your root directory / should always be Deny from all. Then you allow access to other directories per need.
>
> On Sep 30, 2011 7:25 AM, "Brandon Phelps" <bphelps@gls.com <ma...@gls.com>> wrote:
>  > Hello all,
>  >
>  > I am a bit confused regarding the difference between:
>  >
>  > <Directory />
>  > Options FollowSymLinks
>  > AllowOverride None
>  > </Directory>
>  >
>  > and:
>  >
>  > <Directory /var/www/>
>  > Options Indexes FollowSymLinks MultiViews
>  > AllowOverride None
>  > Order allow,deny
>  > allow from all
>  > </Directory>
>  >
>  > I am trying to lock down the server to only allow connections from my local subnet, so should I place these Order/Allow/Deny statements in the / directory block, or the /var/www?
>  >
>  > Thanks!
>  >
>  > ---------------------------------------------------------------------
>  > The official User-To-User support forum of the Apache HTTP Server Project.
>  > See <URL:http://httpd.apache.org/userslist.html> for more info.
>  > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org <ma...@httpd.apache.org>
>  > " from the digest: users-digest-unsubscribe@httpd.apache.org <ma...@httpd.apache.org>
>  > For additional commands, e-mail: users-help@httpd.apache.org <ma...@httpd.apache.org>
>  >

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Quick Allow/Deny Question

Posted by Igor Cicimov <ic...@gmail.com>.

Your root directory / should always be Deny from all. Then you allow access
to other directories per need.
 On Sep 30, 2011 7:25 AM, "Brandon Phelps" <bp...@gls.com> wrote:
> Hello all,
>
> I am a bit confused regarding the difference between:
>
> <Directory />
> Options FollowSymLinks
> AllowOverride None
> </Directory>
>
> and:
>
> <Directory /var/www/>
> Options Indexes FollowSymLinks MultiViews
> AllowOverride None
> Order allow,deny
> allow from all
> </Directory>
>
> I am trying to lock down the server to only allow connections from my
local subnet, so should I place these Order/Allow/Deny statements in the /
directory block, or the /var/www?
>
> Thanks!
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>