LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 06-16-2003, 04:40 PM   #1
weisiger
LQ Newbie
 
Registered: Jan 2003
Posts: 7

Rep: Reputation: 0
apache httpd.conf syntax


Please consider the following code from httpd.conf:
<Directory /home/httpd/htdocs/../ >
<Limit GET POST>
Deny from all
Allow from 10.10.1.10
</Limit>
</Directory>

The IP address is my web server itself. It is obvious that this directive is denying all access to something with the exception of a source address of the web server.

I am unable to locate documentation to help me understand the meaning of the '/../' in <Directory /home/httpd/htdocs/../>.

Can someone please explain the '/../' syntax to me?

Thanks.
 
Old 06-16-2003, 04:45 PM   #2
Proud
Senior Member
 
Registered: Dec 2002
Location: England
Distribution: Used to use Mandrake/Mandriva
Posts: 2,794

Rep: Reputation: 116Reputation: 116
../ normally means the directory above the current one for all linux programs...
 
Old 06-16-2003, 04:53 PM   #3
weisiger
LQ Newbie
 
Registered: Jan 2003
Posts: 7

Original Poster
Rep: Reputation: 0
Thanks for the response.

That makes perfect sense but I am having trouble understanding why this type of logic was used in our httpd.conf file. Perhaps it is yet another way to secure directories outside of the document root - - a sort of catch all and safety net in case some other statement inadvertantly allows access outside of the document root.
 
Old 06-16-2003, 05:12 PM   #4
Proud
Senior Member
 
Registered: Dec 2002
Location: England
Distribution: Used to use Mandrake/Mandriva
Posts: 2,794

Rep: Reputation: 116Reputation: 116
That's a decent theory, relative and absolute paths.
Do you have a copy of the original code with this before you added the network ip change?
 
Old 06-16-2003, 05:22 PM   #5
weisiger
LQ Newbie
 
Registered: Jan 2003
Posts: 7

Original Poster
Rep: Reputation: 0
Yes. The original IP is that of the localhost. The IP is used in other areas including that which defines a single virtual host for the server.

Based on the theory above, I would interpret the code as follows:
disallow access to the parent directory of the document root to all except the IP address of the localhost.

I thought that recent apache versions provide a default security policy to disallow access to all unless explicitly defined. Therefore the code that we are discussing should be redundant. Perhaps I am overlooking something.
 
Old 06-16-2003, 05:29 PM   #6
Proud
Senior Member
 
Registered: Dec 2002
Location: England
Distribution: Used to use Mandrake/Mandriva
Posts: 2,794

Rep: Reputation: 116Reputation: 116
I'm not really sure.
I assume this snippet isn't from a recent apache version, so exactly who wrote the ../ bit?
 
Old 06-16-2003, 05:34 PM   #7
weisiger
LQ Newbie
 
Registered: Jan 2003
Posts: 7

Original Poster
Rep: Reputation: 0
We had a consultant come in about a year ago and "bless the box" prior to placing into full production. He left us a document with the majority of the tips, tricks, and recommendations that he had implemented. I have found a few things that were not documented and most of them were good measures. Since the consultant is the one who specifically chose the non-standard document root location that we currently use, and since he did a lot of tweaking to the httpd.conf that consisted of hard-coding the IP address for the localhost, I am almost certain that this was one of his bits.
 
Old 06-16-2003, 05:49 PM   #8
Proud
Senior Member
 
Registered: Dec 2002
Location: England
Distribution: Used to use Mandrake/Mandriva
Posts: 2,794

Rep: Reputation: 116Reputation: 116
A year ago? Time to get a new consultant in maybe? Or set up a test box with the latest version of all the running software configured by yourself. Read the documentation and try only copying changes over if they're mentioned in official examples. You should be able to recreate the same behaviour as your current box and know all the changes are correct.
 
Old 06-16-2003, 06:54 PM   #9
weisiger
LQ Newbie
 
Registered: Jan 2003
Posts: 7

Original Poster
Rep: Reputation: 0
good advice. thanks.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
apache httpd.conf ilnli Linux - Software 9 01-11-2005 07:58 AM
Apache httpd.conf help BoardinBum Linux - Software 4 12-29-2004 01:59 PM
httpd.conf Syntax error tommytomato Linux - Newbie 2 05-25-2004 06:10 AM
httpd chokes on ScriptAlias line in Apache httpd.conf lhoff Linux - Software 1 07-14-2003 11:32 PM
apache httpd.conf plisken Linux - Software 1 02-01-2003 03:01 PM


All times are GMT -5. The time now is 10:12 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration