[CentOS] OT - httpd/conf.d include questions - allowing only some addresses

Tue Oct 7 15:22:01 UTC 2014
Johnny Hughes <johnny at centos.org>

On 10/07/2014 08:47 AM, Robert Moskowitz wrote:
> 
> On 10/07/2014 09:32 AM, Valeri Galtsev wrote:
>> On Tue, October 7, 2014 8:06 am, Robert Moskowitz wrote:
>>> My web searching is not finding out the answers to this, so I turn to
>>> you all here.
>>>
>>> I am trying to NOT modify my httpd/conf/httpd.conf file, and only make
>>> changes via includes.  I have done that with a 00-init.conf where I set
>>> things like servername and serveradmin.  Now I want to move my allow and
>>> denies to a 01-allow.conf include.  I tried:
>>>
>>> <Directory "/var/www/html">
>>>       Order allow,deny
>>>       deny from all
>>> </Directory>
>>>
>>> as that seems to be what is in the default conf, but I see in the
>>> error_log:
>>>
>>> [Tue Oct 07 08:51:58 2014] [error] [client 208.83.67.156] Directory
>>> index forbidden by Options directive: /var/www/html/
>>>
>> For apache to automatically generate index, you need to gave the
>> following
>> directive:
>>
>>    Options Indexes
>>
>> If there is no such directive, and no index.html (or index.php, or
>> whichever you described as index in config), you will get that error.
>> Read
>> on apache documentation to see how setting for diretory affect
>> subdirectories.
> 
> Of course, if I am going to preempt the provided directory directive, I
> have to have all the needed content.  So I tried:
> 
> <Directory "/var/www/html">
>     Options Indexes FollowSymLinks
>     AllowOverride None
>     Order deny,allow
>     allow from 192.84.67.128/255.255.255.0
>     deny from all
> </Directory>
> 
> where the allowed address is not mine, and I still get the default
> access page.  Almost like the content later in the default httpd.conf is
> overriding my include.
> 
> 
> Or is it since I have no provided content, that default screen is coming
> from somewhere else...
> 
> No, I created a /var/www/html/index.html with only the line 'Hello
> World', and it gets displayed.  So my deny,allow is not working...
>

You did not (that I see) say what version of CentOS this is for.  The
newer CentOS-7 apache uses different commands for this than CentOS-5 and
CentOS-6.

<snip>


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20141007/02fb8a5a/attachment-0005.sig>