Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Please consider the following code from httpd.conf:
<Directory /home/httpd/htdocs/../ >
<Limit GET POST>
Deny from all
Allow from 10.10.1.10
</Limit>
</Directory>
The IP address is my web server itself. It is obvious that this directive is denying all access to something with the exception of a source address of the web server.
I am unable to locate documentation to help me understand the meaning of the '/../' in <Directory /home/httpd/htdocs/../>.
Can someone please explain the '/../' syntax to me?
That makes perfect sense but I am having trouble understanding why this type of logic was used in our httpd.conf file. Perhaps it is yet another way to secure directories outside of the document root - - a sort of catch all and safety net in case some other statement inadvertantly allows access outside of the document root.
Yes. The original IP is that of the localhost. The IP is used in other areas including that which defines a single virtual host for the server.
Based on the theory above, I would interpret the code as follows:
disallow access to the parent directory of the document root to all except the IP address of the localhost.
I thought that recent apache versions provide a default security policy to disallow access to all unless explicitly defined. Therefore the code that we are discussing should be redundant. Perhaps I am overlooking something.
We had a consultant come in about a year ago and "bless the box" prior to placing into full production. He left us a document with the majority of the tips, tricks, and recommendations that he had implemented. I have found a few things that were not documented and most of them were good measures. Since the consultant is the one who specifically chose the non-standard document root location that we currently use, and since he did a lot of tweaking to the httpd.conf that consisted of hard-coding the IP address for the localhost, I am almost certain that this was one of his bits.
A year ago? Time to get a new consultant in maybe? Or set up a test box with the latest version of all the running software configured by yourself. Read the documentation and try only copying changes over if they're mentioned in official examples. You should be able to recreate the same behaviour as your current box and know all the changes are correct.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
