LinuxQuestions.org
Old 06-10-2012, 11:42 PM   #1
elfoozo
centos, how to prevent vhost client accessing /manual?


I've got a stock CentOS 6 installation with a virtual host defined like this:

Code:
<VirtualHost *:80>
    ServerAdmin webmaster@myserver.com
    DocumentRoot "/var/www/html/www.myserver.com"
    ServerName www.myserver.com
    ServerAlias myserver.*
    ErrorLog "/var/log/httpd/www.myserver.com/error_log"
    CustomLog "/var/log/httpd/www.myserver.com/access_log" common
</VirtualHost>

I've found I can do www.myserver.com/manual/ and browse the Apache manual. I assume if I can browse that my virtual host can traverse other locations.

How would you restrict clients to only /var/www/html/www.myserver.com in CentOS?
 
Old 06-11-2012, 12:25 AM   #2
bathory
Hi,

You can (re)move the /var/www/manual directory, or use .htaccess inside it, to allow access only to authenticated users

Regards
 
Old 06-11-2012, 05:43 PM   #3
elfoozo
I'm more concerned that clients can navigate outside of /var/www/html/www.myserver.com than I am about deleting or locking down the manual directory. It would seem there is something "on" by default in CentOS that lets this happen. How do you lock it up?
 
Old 06-12-2012, 12:29 AM   #4
bathory
Hi,
Quote:
Originally Posted by elfoozo
I'm more concerned that clients can navigate outside of /var/www/html/www.myserver.com than I am about deleting or locking down the manual directory. It would seem there is something "on" by default in CentOS that lets this happen. How do you lock it up?
Normally no one can navigate outside the docroot. In a default Apache installation, there is a "Deny All" for the "/" Directory and an "Allow from All" for the docroot.
In your case, I guess there is an Alias, somewhere in httpd.conf, that maps /manual to /var/www/manual

Regards
 
1 members found this post helpful.
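
One way to check the guess in post #4, as an added example that is not part of the thread: a shell function that lists every Alias, AliasMatch, ScriptAlias and ScriptAliasMatch directive in a configuration tree whose filesystem target lies outside the vhost's DocumentRoot. The function names, the sample files and the /img and /cgi-bin entries are constructed for illustration; on the real server the second argument would be the httpd configuration directory (/etc/httpd on CentOS).

```shell
#!/bin/sh
# Added example. Report Alias-type directives whose filesystem target is
# outside DOCROOT. Usage: aliases_outside DOCROOT CONF_DIR
aliases_outside() {
    docroot=${1%/}
    find "$2" -type f -name '*.conf' | sort | while IFS= read -r f; do
        awk -v docroot="$docroot" -v file="$f" '
            NF == 0 || $1 ~ /^#/ { next }        # blank line or comment
            {
                d = tolower($1)                  # directive names are case-insensitive
                if (d != "alias" && d != "aliasmatch" &&
                    d != "scriptalias" && d != "scriptaliasmatch") next
                url = $2; target = $3
                gsub(/"/, "", url); gsub(/"/, "", target)
                # Inside the docroot: the docroot itself or a path below it.
                if (target == docroot || index(target, docroot "/") == 1) next
                printf "%s:%d: %s %s -> %s\n", file, NR, $1, url, target
            }' "$f"
    done
}

# Constructed sample config tree (not a real CentOS layout).
make_sample_conf() {
    dir=$(mktemp -d) || return 1
    mkdir "$dir/conf.d"
    cat > "$dir/httpd.conf" <<'EOF'
# Alias /old "/srv/old"
alias /img "/var/www/html/www.myserver.com/img"
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
EOF
    cat > "$dir/conf.d/extras.conf" <<'EOF'
Alias /manual "/var/www/manual"
EOF
    printf '%s\n' "$dir"
}

sample=$(make_sample_conf)
aliases_outside /var/www/html/www.myserver.com "$sample"
rm -rf "$sample"
```

Each reported line is a URL prefix that every vhost on the server serves from outside its own docroot. The parser splits on whitespace, so targets containing spaces and files pulled in by Include from outside the scanned tree are not covered.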
  

