LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 09-15-2007, 06:28 AM   #1
cbonar
Member
 
Registered: Apr 2004
Location: Paris, FRANCE
Distribution: Kubuntu + Debian
Posts: 53

Rep: Reputation: 15
Thumbs up [solved] Apache2 > "order allow,deny" to allow subdirectories


Hello,

I want to restrict my web root and allow some subdirectories like /public/, with apache2.

From http://httpd.apache.org/docs/2.2/mod...html#directory :

Code:
Note that the default Apache access for <Directory /> is Allow from All.
This means that Apache will serve any file mapped from an URL.
It is recommended that you change this with a block such as

<Directory />
Order Deny,Allow
Deny from All
</Directory>

and then override this for directories you want accessible.
Ok, but how to do it ?
The following is not working, I've no access at / nor /public/ ("client denied by server configuration: /var/www/public/").

Code:
DocumentRoot /var/www/

<Directory />
  Options FollowSymLinks MultiViews
  Order Deny,Allow
  Deny from all
</Directory>

<Directory /public/>
  Order Allow,Deny
  Allow from all
</Directory>
The following is giving me access to both / and /public/, but I don't want that :

Code:
DocumentRoot /var/www/

<Directory />
  Options FollowSymLinks MultiViews
</Directory>

<Directory /public/>
  Order Allow,Deny
  Allow from all
</Directory>

Last edited by cbonar; 09-15-2007 at 12:10 PM. Reason: solved
 
Old 09-15-2007, 10:53 AM   #2
andyccn
Member
 
Registered: Aug 2006
Distribution: Fedora 7
Posts: 46

Rep: Reputation: 15
Directory / - refers to your file-system's root, not the web-root.

So what you're saying is, the web-server cannot access the root of the file-system and anything under it - /.
Then what you have is another directive saying:

Code:
<Directory /var/www>
Order Allow,Deny
Allow from all
Options ....
</Directory>
This is a safe guard for anyone that tries to use Apache to "break-out" of the /var/www directory to serve other files.
The <Directory /var/www> overrides the safe guard on / to allow public HTML to be served.

On my server, I have:

Code:
<Directory />
Order deny,allow
Deny fromall
</Directory>

<Directory /var/www/*>
Order allow,deny
allow from all
</Directory>
so anything under /var/www is allowed to be served by the web-server.
 
Old 09-15-2007, 12:12 PM   #3
cbonar
Member
 
Registered: Apr 2004
Location: Paris, FRANCE
Distribution: Kubuntu + Debian
Posts: 53

Original Poster
Rep: Reputation: 15
Thanks a lot, I understand my mistake now : I was thinking that the DocumentRoot directive was prepended to the path in the <Directory> ones.
 
Old 09-17-2007, 08:47 PM   #4
linuxjamil
Member
 
Registered: Dec 2005
Distribution: Fedora Core 5, Sun Solaris 8
Posts: 122

Rep: Reputation: 15
Question <Directory>

yo you there?Dear
Seeing your problem definition i looked into my httpd.conf file running on Fedora 5 saw


<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>


Nothing like Allow from All




Would u plz describe me what are AllowOverride All and OPtions FolllowSymLikns means.

Thanking You
Subrun
 
Old 09-17-2007, 09:03 PM   #5
linuxjamil
Member
 
Registered: Dec 2005
Distribution: Fedora Core 5, Sun Solaris 8
Posts: 122

Rep: Reputation: 15
Question What I realized

yo you there?On my server, I have:

Code:

<Directory />
Order deny,allow
Deny fromall
</Directory>

<Directory /var/www/*>
Order allow,deny
allow from all
</Directory>

so anything under /var/www is allowed to be served by the web-server.----------------------------------above statement means that /, which is the root file-system of a linux system there(on /) no access will be given. And any directory afterwards /var/www/* will get access to serve html pages. Is it right plz say as I am conceptually very weak in Apache.

Plz say my assumtion is right or wrong.
 
Old 09-18-2007, 06:34 AM   #6
cbonar
Member
 
Registered: Apr 2004
Location: Paris, FRANCE
Distribution: Kubuntu + Debian
Posts: 53

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by linuxjamil View Post
yo you there?On my server, I have:

Code:

<Directory />
Order deny,allow
Deny fromall
</Directory>

<Directory /var/www/*>
Order allow,deny
allow from all
</Directory>

so anything under /var/www is allowed to be served by the web-server.----------------------------------above statement means that /, which is the root file-system of a linux system there(on /) no access will be given. And any directory afterwards /var/www/* will get access to serve html pages. Is it right plz say as I am conceptually very weak in Apache.

Plz say my assumtion is right or wrong.
Yes this is the way I now understand it too (and as a matter of fact this is the way it's working).

About AllowOverride, I don't use it but you can find the documentation here : http://httpd.apache.org/docs/2.2/mod...#allowoverride.

About FollowSymLinks, this is an option that allows the server to follow symbolic links on the filesystem. You can also find the definition here : http://httpd.apache.org/docs/2.2/mod/core.html#options
 
Old 09-18-2007, 06:34 AM   #7
andyccn
Member
 
Registered: Aug 2006
Distribution: Fedora 7
Posts: 46

Rep: Reputation: 15
Yes, you're correct.
This is so people cannot try and use Apache to serve files it shouldn't.

The "Order allow,deny", "allow from all", "deny from all" are security options to restrict access to certain files/folders based on IP addresses and domain name. "all" is a synonym for "everybody."

So saying:

Order allow,deny
deny from all

means no-one is allowed to see the content in the given directory.

I'd check out the default httpd.conf file and the Apache documentation, as you really should be denying access to anything but the Apache www directory.

As a polite side-note, "yo you there? Dear" is not a great way to greet people in English. "Hi" will simply do fine.
 
Old 09-19-2007, 12:17 PM   #8
linuxjamil
Member
 
Registered: Dec 2005
Distribution: Fedora Core 5, Sun Solaris 8
Posts: 122

Rep: Reputation: 15
Unhappy Sorry

yo you there?Dear

Thank u for your mail . But I am sorry for extra strings which is automatically going with every messages.
 
Old 09-19-2007, 01:02 PM   #9
cbonar
Member
 
Registered: Apr 2004
Location: Paris, FRANCE
Distribution: Kubuntu + Debian
Posts: 53

Original Poster
Rep: Reputation: 15
LOL, What is it ? A plugin for Firefox ?
 
Old 10-26-2007, 11:34 AM   #10
sandeshsk007
LQ Newbie
 
Registered: Oct 2007
Posts: 14

Rep: Reputation: 0
I have the same question but i want to restrict access to a particular page in the website based on the domain.
I tried changing the <Directory ...> directive but in vain.
Could you guys help me out in this regard.
Have been stuck in this for a very long time.

Thanks
Sandesh
 
Old 10-26-2007, 12:14 PM   #11
cbonar
Member
 
Registered: Apr 2004
Location: Paris, FRANCE
Distribution: Kubuntu + Debian
Posts: 53

Original Poster
Rep: Reputation: 15
For files, you should look at the <Files> directive.
 
Old 10-26-2007, 02:07 PM   #12
andyccn
Member
 
Registered: Aug 2006
Distribution: Fedora 7
Posts: 46

Rep: Reputation: 15
Restricting by domain is not always reliable, as it uses a reverse lookup on the client's IP address. "Dynamic" IP addresses such as that of dial-up and ADSL providers will resolve to that of the ISP, whatever the forward-lookup of a domain resolves to.
 
Old 10-26-2007, 02:59 PM   #13
sandeshsk007
LQ Newbie
 
Registered: Oct 2007
Posts: 14

Rep: Reputation: 0
I want to actually allow access to a $$$$$$.html page for users from only a certain domain, and want to deny all other users.Now i think i have made it more clear.


Regards
Sandesh
 
Old 10-27-2007, 03:08 PM   #14
cbonar
Member
 
Registered: Apr 2004
Location: Paris, FRANCE
Distribution: Kubuntu + Debian
Posts: 53

Original Poster
Rep: Reputation: 15
Try something like this (change the parameters in bold) :

Code:
<Directory /var/www/yourdirectory/>
    Order Deny,Allow
    Allow from all
    <Files $$$$$$.html>
        Deny from all
        Allow from yourdomain.com
    </Files>
</Directory>
I haven't tested it but if you look at http://httpd.apache.org/docs/2.2/howto/access.html I'm sure you'll have all required informations.

Last edited by cbonar; 10-27-2007 at 03:10 PM.
 
  


Reply

Tags
allow, apache, apache2, deny, subdirectories


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Command "find" misses some subdirectories vallond Linux - Enterprise 0 07-19-2007 04:55 AM
LXer: Ocean Blue Wins Order to Develop Software for Toshiba 'Donau' "System-On-Chip" IC's LXer Syndicated Linux News 0 07-08-2007 04:01 PM
Samba "Access Deny" when writing to share OpenVP Linux - Server 3 12-26-2006 07:57 AM
"users.allow" and "users.deny": under what directory, in Mandriva? KWTm Mandriva 0 10-09-2005 02:23 PM
Changing "boot" order of PCMCIA service bowlingd Fedora 2 10-11-2004 09:04 AM


All times are GMT -5. The time now is 04:17 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration