Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
06-16-2003, 03:40 PM
|
#1
|
LQ Newbie
Registered: Jan 2003
Posts: 7
Rep:
|
apache httpd.conf syntax
Please consider the following code from httpd.conf:
<Directory /home/httpd/htdocs/../ >
<Limit GET POST>
Deny from all
Allow from 10.10.1.10
</Limit>
</Directory>
The IP address is my web server itself. It is obvious that this directive is denying all access to something with the exception of a source address of the web server.
I am unable to locate documentation to help me understand the meaning of the '/../' in <Directory /home/httpd/htdocs/../>.
Can someone please explain the '/../' syntax to me?
Thanks.
|
|
|
06-16-2003, 03:45 PM
|
#2
|
Senior Member
Registered: Dec 2002
Location: England
Distribution: Used to use Mandrake/Mandriva
Posts: 2,794
Rep: 
|
../ normally means the directory above the current one for all linux programs... 
|
|
|
06-16-2003, 03:53 PM
|
#3
|
LQ Newbie
Registered: Jan 2003
Posts: 7
Original Poster
Rep:
|
Thanks for the response.
That makes perfect sense but I am having trouble understanding why this type of logic was used in our httpd.conf file. Perhaps it is yet another way to secure directories outside of the document root - - a sort of catch all and safety net in case some other statement inadvertantly allows access outside of the document root.
|
|
|
06-16-2003, 04:12 PM
|
#4
|
Senior Member
Registered: Dec 2002
Location: England
Distribution: Used to use Mandrake/Mandriva
Posts: 2,794
Rep: 
|
That's a decent theory, relative and absolute paths.
Do you have a copy of the original code with this before you added the network ip change?
|
|
|
06-16-2003, 04:22 PM
|
#5
|
LQ Newbie
Registered: Jan 2003
Posts: 7
Original Poster
Rep:
|
Yes. The original IP is that of the localhost. The IP is used in other areas including that which defines a single virtual host for the server.
Based on the theory above, I would interpret the code as follows:
disallow access to the parent directory of the document root to all except the IP address of the localhost.
I thought that recent apache versions provide a default security policy to disallow access to all unless explicitly defined. Therefore the code that we are discussing should be redundant. Perhaps I am overlooking something.
|
|
|
06-16-2003, 04:29 PM
|
#6
|
Senior Member
Registered: Dec 2002
Location: England
Distribution: Used to use Mandrake/Mandriva
Posts: 2,794
Rep: 
|
I'm not really sure.
I assume this snippet isn't from a recent apache version, so exactly who wrote the ../ bit?
|
|
|
06-16-2003, 04:34 PM
|
#7
|
LQ Newbie
Registered: Jan 2003
Posts: 7
Original Poster
Rep:
|
We had a consultant come in about a year ago and "bless the box" prior to placing into full production. He left us a document with the majority of the tips, tricks, and recommendations that he had implemented. I have found a few things that were not documented and most of them were good measures. Since the consultant is the one who specifically chose the non-standard document root location that we currently use, and since he did a lot of tweaking to the httpd.conf that consisted of hard-coding the IP address for the localhost, I am almost certain that this was one of his bits.
|
|
|
06-16-2003, 04:49 PM
|
#8
|
Senior Member
Registered: Dec 2002
Location: England
Distribution: Used to use Mandrake/Mandriva
Posts: 2,794
Rep: 
|
A year ago? Time to get a new consultant in maybe? Or set up a test box with the latest version of all the running software configured by yourself. Read the documentation and try only copying changes over if they're mentioned in official examples. You should be able to recreate the same behaviour as your current box and know all the changes are correct. 
|
|
|
06-16-2003, 05:54 PM
|
#9
|
LQ Newbie
Registered: Jan 2003
Posts: 7
Original Poster
Rep:
|
good advice. thanks.
|
|
|
All times are GMT -5. The time now is 12:35 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|