Apache2 > "order allow,deny" to allow subdirectories
Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Note that the default Apache access for <Directory /> is Allow from All.
This means that Apache will serve any file mapped from an URL.
It is recommended that you change this with a block such as
<Directory />
Order Deny,Allow
Deny from All
</Directory>
and then override this for directories you want accessible.
Ok, but how to do it ?
The following is not working, I've no access at / nor /public/ ("client denied by server configuration: /var/www/public/").
Code:
DocumentRoot /var/www/
<Directory />
Options FollowSymLinks MultiViews
Order Deny,Allow
Deny from all
</Directory>
<Directory /public/>
Order Allow,Deny
Allow from all
</Directory>
The following is giving me access to both / and /public/, but I don't want that :
Code:
DocumentRoot /var/www/
<Directory />
Options FollowSymLinks MultiViews
</Directory>
<Directory /public/>
Order Allow,Deny
Allow from all
</Directory>
Last edited by cbonar; 09-15-2007 at 12:10 PM.
Reason: solved
Directory / - refers to your file-system's root, not the web-root.
So what you're saying is, the web-server cannot access the root of the file-system and anything under it - /.
Then what you have is another directive saying:
Code:
<Directory /var/www>
Order Allow,Deny
Allow from all
Options ....
</Directory>
This is a safe guard for anyone that tries to use Apache to "break-out" of the /var/www directory to serve other files.
The <Directory /var/www> overrides the safe guard on / to allow public HTML to be served.
On my server, I have:
Code:
<Directory />
Order deny,allow
Deny fromall
</Directory>
<Directory /var/www/*>
Order allow,deny
allow from all
</Directory>
so anything under /var/www is allowed to be served by the web-server.
<Directory />
Order deny,allow
Deny fromall
</Directory>
<Directory /var/www/*>
Order allow,deny
allow from all
</Directory>
so anything under /var/www is allowed to be served by the web-server.----------------------------------above statement means that /, which is the root file-system of a linux system there(on /) no access will be given. And any directory afterwards /var/www/* will get access to serve html pages. Is it right plz say as I am conceptually very weak in Apache.
<Directory />
Order deny,allow
Deny fromall
</Directory>
<Directory /var/www/*>
Order allow,deny
allow from all
</Directory>
so anything under /var/www is allowed to be served by the web-server.----------------------------------above statement means that /, which is the root file-system of a linux system there(on /) no access will be given. And any directory afterwards /var/www/* will get access to serve html pages. Is it right plz say as I am conceptually very weak in Apache.
Plz say my assumtion is right or wrong.
Yes this is the way I now understand it too (and as a matter of fact this is the way it's working).
Yes, you're correct.
This is so people cannot try and use Apache to serve files it shouldn't.
The "Order allow,deny", "allow from all", "deny from all" are security options to restrict access to certain files/folders based on IP addresses and domain name. "all" is a synonym for "everybody."
So saying:
Order allow,deny
deny from all
means no-one is allowed to see the content in the given directory.
I'd check out the default httpd.conf file and the Apache documentation, as you really should be denying access to anything but the Apache www directory.
As a polite side-note, "yo you there? Dear" is not a great way to greet people in English. "Hi" will simply do fine.
I have the same question but i want to restrict access to a particular page in the website based on the domain.
I tried changing the <Directory ...> directive but in vain.
Could you guys help me out in this regard.
Have been stuck in this for a very long time.
Restricting by domain is not always reliable, as it uses a reverse lookup on the client's IP address. "Dynamic" IP addresses such as that of dial-up and ADSL providers will resolve to that of the ISP, whatever the forward-lookup of a domain resolves to.
I want to actually allow access to a $$$$$$.html page for users from only a certain domain, and want to deny all other users.Now i think i have made it more clear.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.