You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Daniel D Jones <dd...@riddlemaster.org> on 2010/01/03 19:24:09 UTC
[users@httpd] Associate Alias with a VirtualHost
How do you associate an Alias with a specific VirtualHost?
Under sites-enabled/000-default, I have:
<VirtualHost *>
...
</VirtualHost>
<VirutalHost www.mydomain.com:443>
...
</VirtualHost>
Then under a file in conf.d, I have an alias
Alias /blah /foor/bar
...
I want this alias to take affect only under the SSL virtual host, and to be
unavailable on port 80.
I tried wrapping the Alias and associated configs under a VirtualHost tag but
that creates overlapping VirtualHosts and breaks SSL completely. I also tried
going to a NameVirtualHost like so:
NameVirtualHost 1.2.3.4:443
<VirtualHost 1.2.3.4:443>
ServerName www.mydomain.com
...
and wrapping the alias in a VirtualHost tag. This gets rid of the complaint
about overlapping VirtualHosts but also breaks SSL completely.
I could, of course, move the Alias and associated configs under the
<VirtualHost> section of 000-default, but that rather defeats the purpose of
having split config files.
I've pored over the Apache docs, dug through the wiki and tried a plethora of
different Google searches and haven't been able to find the answer to what I
would think would be a simple and fairly common scenario. Maybe my search-fu
is weak.
Any assistance or pointers to relevant pages or docs would be greatly
appreciated.
--
"Marijuana makes you sensitive. Courtesy has a great deal to do with being
sensitive. Unfortunately marijuana makes you the kind of sensitive where you
insist on everyone listening to the drum solo in Iron Butterfly's 'In-a-Gadda-
Da-Vida' fifty or sixty times." - P.J. O'Rourke
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Associate Alias with a VirtualHost
Posted by Eric Covener <co...@gmail.com>.
> Redirect permanent /usr/share/blah https://www.mydomain.com/blah
>
> Specifying the full path did not work. This seems a bit inconsistent, since
> redirects under the DocumentRoot specify the full path, including the path to
> the DocumentRoot.
AFAIK, it's always got to be a URL-path and not a filesystem path.
>
> This is acceptable but I'd prefer to just block access from http rather than
> redirect. Neither of the following two approaches, placed under the default
> <VirtualHost *>, worked:
>
> <Directory /blah>
> AllowOverride None
> Order deny,allow
> Deny from all
> </Directory>
This would be for a literal directory of "/blah" in your filesystem.
>
> <Directory /usr/share/blah>
> AllowOverride None
> Order deny,allow
> Deny from all
> </Directory>
>
Ought to work if you're really serving a static file mapped to that diretory.
> Out of curiosity, what are the advantages/disadvantages of using an alias to
> redirect and simply creating a file link to the appropriate directory under
> DocumentRoot? If I simply created a link /var/www/blah pointing to
> /usr/share/blah, then I could use a <Directory> container to block access, as
> is done with the /var/www/ssl directory above. I suspect that there are
> security implications but it isn't clear to me what they are.
Using Alias and a corresponding <Directory> container (2nd arg of
Alias matches Directory container) is pretty normal. Something else
is confusing your tests.
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Associate Alias with a VirtualHost
Posted by Daniel D Jones <dd...@riddlemaster.org>.
On Sunday 03 January 2010 13:48:09 Eric Covener wrote:
> On Sun, Jan 3, 2010 at 1:24 PM, Daniel D Jones <dd...@riddlemaster.org>
wrote:
> > I want this alias to take affect only under the SSL virtual host
> >
> > I could, of course, move the Alias and associated configs under the
> > <VirtualHost> section of 000-default, but that rather defeats the purpose
> > of having split config files.
Thanks for the assist.
> If you don't want to put the alias in the proper context (your own SSL
> VirtualHost), you can configure it globally and redirect to SSL in a
> <Directory> container:
> http://wiki.apache.org/httpd/RedirectSSL
Given:
Alias /blah /usr/share/blah
I was able to redirect by putting
Redirect permanent /blah https://www.mydomain.com/blah
in the global section of 000-default. (That is, it's under <VirtualHost *>
but not under a <Directory> container.) My first attempt was:
Redirect permanent /usr/share/blah https://www.mydomain.com/blah
Specifying the full path did not work. This seems a bit inconsistent, since
redirects under the DocumentRoot specify the full path, including the path to
the DocumentRoot.
This is acceptable but I'd prefer to just block access from http rather than
redirect. Neither of the following two approaches, placed under the default
<VirtualHost *>, worked:
<Directory /blah>
AllowOverride None
Order deny,allow
Deny from all
</Directory>
<Directory /usr/share/blah>
AllowOverride None
Order deny,allow
Deny from all
</Directory>
But the following:
<Directory /var/www/ssl>
AllowOverride None
Order deny,allow
Deny from all
</Directory>
where /var/www is the document root, does get denied from http.
> Split config files allow the packager to maintain a subset of your
> config files, and allow other packages to drop config files into place
> without editing existing files, but there's little cause for adding
> directives out of context to keep them tidy in some filesystem layout
> that Apache doesn't care about.
The conf.d file was installed by a package, and I'd prefer not to remove it if
possible so that future updates to the package won't be confused. I also think
split config files are easier to edit and maintain by hand but that's just a
matter of personal preference.
Out of curiosity, what are the advantages/disadvantages of using an alias to
redirect and simply creating a file link to the appropriate directory under
DocumentRoot? If I simply created a link /var/www/blah pointing to
/usr/share/blah, then I could use a <Directory> container to block access, as
is done with the /var/www/ssl directory above. I suspect that there are
security implications but it isn't clear to me what they are.
Thanks again for your time and effort.
--
"The most glorious moments in your life are not the so-called days of success,
but rather those days when out of dejection and despair you feel rise in you a
challenge to life, and the promise of future accomplishments." - Gustave
Flaubert
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Associate Alias with a VirtualHost
Posted by Eric Covener <co...@gmail.com>.
On Sun, Jan 3, 2010 at 1:24 PM, Daniel D Jones <dd...@riddlemaster.org> wrote:
> I want this alias to take affect only under the SSL virtual host
> I could, of course, move the Alias and associated configs under the
> <VirtualHost> section of 000-default, but that rather defeats the purpose of
> having split config files.
If you don't want to put the alias in the proper context (your own SSL
VirtualHost), you can configure it globally and redirect to SSL in a
<Directory> container:
http://wiki.apache.org/httpd/RedirectSSL
Split config files allow the packager to maintain a subset of your
config files, and allow other packages to drop config files into place
without editing existing files, but there's little cause for adding
directives out of context to keep them tidy in some filesystem layout
that Apache doesn't care about.
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org