You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Brandon Phelps <bp...@gls.com> on 2011/09/29 23:24:55 UTC
[users@httpd] Quick Allow/Deny Question
Hello all,
I am a bit confused regarding the difference between:
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
and:
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
I am trying to lock down the server to only allow connections from my local subnet, so should I place these Order/Allow/Deny statements in the / directory block, or the /var/www?
Thanks!
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Quick Allow/Deny Question
Posted by Pete Houston <ph...@openstrike.co.uk>.
You can always Alias or ScriptAlias outside the DocumentRoot. Igor's
advice is correct.
Pete
On Fri, Sep 30, 2011 at 09:14:00AM -0400, Brandon Phelps wrote:
> I guess I am just a little confused as to why there is a <Directory /> at all? If my DocumentRoot is set to /var/www then wouldn't that prevent anyone from accessing anything above /var/www in the directory structure anyway, thus making the <Directory /> kind of pointless?
>
> On 09/29/2011 06:44 PM, Igor Cicimov wrote:
> >Your root directory / should always be Deny from all. Then you allow access to other directories per need.
--
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107
Re: [users@httpd] Quick Allow/Deny Question
Posted by Brandon Phelps <bp...@gls.com>.
I guess I am just a little confused as to why there is a <Directory /> at all? If my DocumentRoot is set to /var/www then wouldn't that prevent anyone from accessing anything above /var/www in the directory structure anyway, thus making the <Directory /> kind of pointless?
On 09/29/2011 06:44 PM, Igor Cicimov wrote:
> Your root directory / should always be Deny from all. Then you allow access to other directories per need.
>
> On Sep 30, 2011 7:25 AM, "Brandon Phelps" <bphelps@gls.com <ma...@gls.com>> wrote:
> > Hello all,
> >
> > I am a bit confused regarding the difference between:
> >
> > <Directory />
> > Options FollowSymLinks
> > AllowOverride None
> > </Directory>
> >
> > and:
> >
> > <Directory /var/www/>
> > Options Indexes FollowSymLinks MultiViews
> > AllowOverride None
> > Order allow,deny
> > allow from all
> > </Directory>
> >
> > I am trying to lock down the server to only allow connections from my local subnet, so should I place these Order/Allow/Deny statements in the / directory block, or the /var/www?
> >
> > Thanks!
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org <ma...@httpd.apache.org>
> > " from the digest: users-digest-unsubscribe@httpd.apache.org <ma...@httpd.apache.org>
> > For additional commands, e-mail: users-help@httpd.apache.org <ma...@httpd.apache.org>
> >
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Quick Allow/Deny Question
Posted by Igor Cicimov <ic...@gmail.com>.
Your root directory / should always be Deny from all. Then you allow access
to other directories per need.
On Sep 30, 2011 7:25 AM, "Brandon Phelps" <bp...@gls.com> wrote:
> Hello all,
>
> I am a bit confused regarding the difference between:
>
> <Directory />
> Options FollowSymLinks
> AllowOverride None
> </Directory>
>
> and:
>
> <Directory /var/www/>
> Options Indexes FollowSymLinks MultiViews
> AllowOverride None
> Order allow,deny
> allow from all
> </Directory>
>
> I am trying to lock down the server to only allow connections from my
local subnet, so should I place these Order/Allow/Deny statements in the /
directory block, or the /var/www?
>
> Thanks!
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>