Posted to users@httpd.apache.org by Bill Kelly <bi...@cts.com> on 2003/01/08 03:11:27 UTC

[users@httpd] trouble restricting access to

Hi,

I'm running Linux / Apache-1.3.26, and I hope this isn't a FAQ, but
I've been reading the manual and can't figure out what I'm doing
wrong.

In my default Apache installation (Mandrake 9.0), the document root
is set to /var/www/html, in which is a symbolic link to the Apache
manual:
/var/www/html/manual -> ../../../usr/share/doc/apache-manual-1.3.26/

In /etc/httpd/conf/commonhttpd.conf, I noticed a <Directory>
directive already existing that would seem to restrict access
to the manual, via:

<Directory /usr/share/doc>
    Options Indexes FollowSymLinks
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Directory>

However, I seem to be able to access http://mydomain/manual/index.html
from any IP.  In access_log, I see my successful access from a 
remote system:

192.188.72.17 - - [07/Jan/2003:17:44:25 -0800]
 "GET /manual/index.html HTTP/1.0" 200 9465 "-" 
 "Lynx/2.8.5dev.7 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.6a"


I also tried a wildcard on the path (though didn't seem from the
docs it would be necessary): <Directory /usr/share/doc/*> but
this change had no apparent effect.


I suspect I'm missing something pretty basic here...  Hopefully
some kind soul can knock me upside the head with the correct 
approach :)


Thanks,

Bill




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] trouble restricting access to

Posted by Bill Kelly <bi...@cts.com>.
Hi Jaqui,

From: "J. Greenlees" <ja...@shaw.ca>
> simplest way is just take the link out of /var/www/html
> drop it in your home dir so you can easily get the docs still.
> but the man doesn't need to be on your server space.

Thanks; true, I could remove the link - but I was hoping to
understand the default installation by tweaking settings
in commonhttpd.conf, etc., as I read through bits of the
manual - and was just alarmed that my attempt at exercising
access control over that linked directory had no effect
(especially 'cause the <Directory> directive in the 
default config appeared to be set up to do just that.)

So I was wondering if I was doing something wrong?

Or is there (maybe?) a limitation in restricting access to
paths that are symbolic links in the document root-and-below
pointing outside elsewhere in the system?


Thanks,

Bill
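
Added example, not part of the original thread: the httpd documentation for <Directory> notes that the directory-path must literally match the filesystem path httpd uses to reach the file, and that a section does not apply to the same files reached through a different symbolic link. Assuming /manual is served only through the symlink in the document root (no Alias mapping it elsewhere), the shipped section and a corrected one look like this:

```apache
# Added example; paths are the ones quoted in the post above.

# As shipped: keyed on the symlink's *target*.
# A request for /manual/index.html is translated to
#   /var/www/html/manual/index.html
# and the <Directory> sections consulted are those matching that literal
# path and its parents (/, /var, /var/www, /var/www/html,
# /var/www/html/manual). /usr/share/doc is not among them, so this
# Deny is never evaluated for the /manual URL.
<Directory /usr/share/doc>
    Options Indexes FollowSymLinks
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Directory>

# Corrected: key the restriction on the path httpd actually walks.
<Directory /var/www/html/manual>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Directory>

# Check after reloading: the same remote request should now appear in
# access_log with status 403 instead of 200.
```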







Re: [users@httpd] trouble restricting access to

Posted by "J. Greenlees" <ja...@shaw.ca>.
simplest way is just take the link out of /var/www/html
drop it in your home dir so you can easily get the docs still.
but the man doesn't need to be on your server space.

Bill Kelly wrote:
> Hi,
> 
> I'm running Linux / Apache-1.3.26, and I hope this isn't a FAQ, but
> I've been reading the manual and can't figure out what I'm doing
> wrong.
> 
> In my default Apache installation (Mandrake 9.0), the document root
> is set to /var/www/html, in which is a symbolic link to the Apache
> manual:
> /var/www/html/manual -> ../../../usr/share/doc/apache-manual-1.3.26/
> 
> In /etc/httpd/conf/commonhttpd.conf, I noticed a <Directory>
> directive already existing that would seem to restrict access
> to the manual, via:
> 
> <Directory /usr/share/doc>
>     Options Indexes FollowSymLinks
>     Order deny,allow
>     Deny from all
>     Allow from 127.0.0.1
> </Directory>
> 
> However, I seem to be able to access http://mydomain/manual/index.html
> from any IP.  In access_log, I see my successful access from a 
> remote system:
> 
> 192.188.72.17 - - [07/Jan/2003:17:44:25 -0800]
>  "GET /manual/index.html HTTP/1.0" 200 9465 "-" 
>  "Lynx/2.8.5dev.7 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.6a"
> 
> 
> I also tried a wildcard on the path (though didn't seem from the
> docs it would be necessary): <Directory /usr/share/doc/*> but
> this change had no apparent effect.
> 
> 
> I suspect I'm missing something pretty basic here...  Hopefully
> some kind soul can knock me upside the head with the correct 
> approach :)
> 
> 
> Thanks,
> 
> Bill
> 
> 
> 
> 


