You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Bill Kelly <bi...@cts.com> on 2003/01/08 03:11:27 UTC
[users@httpd] trouble restricting access to
Hi,
I'm running Linux / Apache-1.3.26, and I hope this isn't a FAQ, but
I've been reading the manual and can't figure out what I'm doing
wrong.
In my default Apache installation (Mandrake 9.0), the document root
is set to /var/www/html, in which is a symbolic link to the Apache
manual:
/var/www/html/manual -> ../../../usr/share/doc/apache-manual-1.3.26/
In /etc/httpd/conf/commonhttpd.conf, I noticed a <Directory>
directive already existing that would seem to restrict access
to the manual, via:
<Directory /usr/share/doc>
Options Indexes FollowSymLinks
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
However, I seem to be able to access http://mydomain/manual/index.html
from any IP. In access_log, I see my successful access from a
remote system:
192.188.72.17 - - [07/Jan/2003:17:44:25 -0800]
"GET /manual/index.html HTTP/1.0" 200 9465 "-"
"Lynx/2.8.5dev.7 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.6a"
I also tried a wildcard on the path (though didn't seem from the
docs it would be necessary): <Directory /usr/share/doc/*> but
this change had no apparent effect.
I suspect I'm missing something pretty basic here... Hopefully
some kind soul can knock me upside the head with the correct
approach :)
Thanks,
Bill
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] trouble restricting access to
Posted by Bill Kelly <bi...@cts.com>.
Hi Jaqui,
From: "J. Greenlees" <ja...@shaw.ca>
> simplest way is just take the link out of /var/www/html
> drop it in your home dir so you can easily get the docs still.
> but the man doesn't need to be on your server space.
Thanks; true, I could remove the link - but I was hoping to
understand the default installation by tweaking settings
in commonhttpd.conf, etc., as I read through bits of the
manual - and was just alarmed that my attempt at exercizing
access control over that linked directory had no effect
(especially 'cause the <Directory> directive in the
default config appeared to be set up to do just that.)
So I was wondering if I was doing something wrong?
Or is there (maybe?) a limitation in restricting access to
paths that are symbolic links in the document root-and-below
pointing outside elsewhere in the system?
Thanks,
Bill
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] trouble restricting access to
Posted by "J. Greenlees" <ja...@shaw.ca>.
simplest way is just take the link out of /var/www/html
drop it in your home dir so you can easily get the docs still.
but the man doesn't need to be on your server space.
Bill Kelly wrote:
> Hi,
>
> I'm running Linux / Apache-1.3.26, and I hope this isn't a FAQ, but
> I've been reading the manual and can't figure out what I'm doing
> wrong.
>
> In my default Apache installation (Mandrake 9.0), the document root
> is set to /var/www/html, in which is a symbolic link to the Apache
> manual:
> /var/www/html/manual -> ../../../usr/share/doc/apache-manual-1.3.26/
>
> In /etc/httpd/conf/commonhttpd.conf, I noticed a <Directory>
> directive already existing that would seem to restrict access
> to the manual, via:
>
> <Directory /usr/share/doc>
> Options Indexes FollowSymLinks
> Order deny,allow
> Deny from all
> Allow from 127.0.0.1
> </Directory>
>
> However, I seem to be able to access http://mydomain/manual/index.html
> from any IP. In access_log, I see my successful access from a
> remote system:
>
> 192.188.72.17 - - [07/Jan/2003:17:44:25 -0800]
> "GET /manual/index.html HTTP/1.0" 200 9465 "-"
> "Lynx/2.8.5dev.7 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.6a"
>
>
> I also tried a wildcard on the path (though didn't seem from the
> docs it would be necessary): <Directory /usr/share/doc/*> but
> this change had no apparent effect.
>
>
> I suspect I'm missing something pretty basic here... Hopefully
> some kind soul can knock me upside the head with the correct
> approach :)
>
>
> Thanks,
>
> Bill
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org