My web searching is not finding out the answers to this, so I turn to you all here.
I am trying to NOT modify my httpd/conf/httpd.conf file, and only make changes via includes. I have done that with a 00-init.conf where I set things like servername and serveradmin. Now I want to move my allow and denies to a 01-allow.conf include. I tried:
<Directory "/var/www/html">
    Order allow,deny
    deny from all
</Directory>
as that seems to be what is in the default conf, but I see in the error_log:
[Tue Oct 07 08:51:58 2014] [error] [client 208.83.67.156] Directory index forbidden by Options directive: /var/www/html/
And maybe this is not the right restriction, because when I make this change directly in the default httpd.conf, I still can get to the default web page.
Now on to the 'allow' statement. All syntax examples I have seen for it follow:
allow from 1.1.1.0/24 1.1.2.0/24 2400:cb00:2048:1::/64
and so forth. That is each range separated by a space. But potentially I have 18 ranges to specify, and at least named makes it easy with each range on its own line ending with a ';'. For now I am only putting 2 ranges in, but how does one set up a longer list of allowed ranges?
thanks
On Tue, October 7, 2014 8:06 am, Robert Moskowitz wrote:
> as that seems to be what is in the default conf, but I see in the error_log:
> [Tue Oct 07 08:51:58 2014] [error] [client 208.83.67.156] Directory index forbidden by Options directive: /var/www/html/
For apache to automatically generate index, you need to give the following directive:
    Options Indexes
If there is no such directive, and no index.html (or index.php, or whichever you described as index in config), you will get that error. Read the apache documentation to see how settings for a directory affect subdirectories.
Valeri
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
On 10/07/2014 09:32 AM, Valeri Galtsev wrote:
> For apache to automatically generate index, you need to give the following directive:
>     Options Indexes
> If there is no such directive, and no index.html (or index.php, or whichever you described as index in config), you will get that error. Read the apache documentation to see how settings for a directory affect subdirectories.
Of course, if I am going to preempt the provided directory directive, I have to have all the needed content. So I tried:
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order deny,allow
    allow from 192.84.67.128/255.255.255.0
    deny from all
</Directory>
where the allowed address is not mine, and I still get the default access page. Almost like the content later in the default httpd.conf is overriding my include.
Or is it since I have no provided content, that default screen is coming from somewhere else...
No, I created a /var/www/html/index.html with only the line 'Hello World', and it gets displayed. So my deny,allow is not working...
On 10/07/2014 08:47 AM, Robert Moskowitz wrote:
> No, I created a /var/www/html/index.html with only the line 'Hello World', and it gets displayed. So my deny,allow is not working...
You did not (that I see) say what version of CentOS this is for. The newer CentOS-7 apache uses different commands for this than CentOS-5 and CentOS-6.
<snip>
On 10/07/2014 11:22 AM, Johnny Hughes wrote:
> You did not (that I see) say what version of CentOS this is for. The newer CentOS-7 apache uses different commands for this than CentOS-5 and CentOS-6.
Now THAT is something to watch out for...
Centos 6.
And it seems for IPv4 CIDR addresses you have to use net/mask, not net/bits.
192.84.67.128/255.255.255.192
not
192.84.67.128/26
On Tue, 2014-10-07 at 09:47 -0400, Robert Moskowitz wrote:
> <Directory "/var/www/html">
>     Options Indexes FollowSymLinks
>     AllowOverride None
>     Order deny,allow
>     allow from 192.84.67.128/255.255.255.0
>     deny from all
> </Directory>
If you want to allow web site access from only
192.84.67.128/255.255.255.0
then do it in your firewall. The IPtables (ip4) commands would be something like this:-
iptables -I {table name} {table position or line number} -p tcp --dport 80 -s 192.84.67.128/24 -j ACCEPT
iptables -I {table name} {table position AFTER previous line} -p tcp --dport 80 -j DROP
On 10/07/2014 12:01 PM, Always Learning wrote:
> If you want to allow web site access from only
> 192.84.67.128/255.255.255.0
> then do it in your firewall. The IPtables (ip4) commands would be something like this:-
> iptables -I {table name} {table position or line number} -p tcp --dport 80 -s 192.84.67.128/24 -j ACCEPT
> iptables -I {table name} {table position AFTER previous line} -p tcp --dport 80 -j DROP
Won't do what I want. As there is a virtual host that I DO want globally accessible.
I have successfully restricted the postfixadmin directory to only local networks. I just have not done it for the default directories.
One example says to reverse the order to 'deny,allow' if you are denying all and allowing a range of addresses (reading too many manuals and explanations). That did fix the problem for a specific directory access, but not for the 'global' one.
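How `Order` combines the `Allow` and `Deny` lists, and how a long allow list can be written as one `Allow from` line per range, shown as an added Python model that is not part of the thread and not Apache's own code. The ranges and the client address are taken from the messages above; `parse`, `matches` and `allowed` are hypothetical helper names, and only IP ranges and `all` are handled.

```python
import ipaddress

# Constructed sample: the thread's ranges, one "Allow from" line per range.
# Apache 2.2 (mod_authz_host) accumulates repeated Allow/Deny lines.
SAMPLE = """
<Directory "/var/www/html">
    Order deny,allow
    Deny from all
    Allow from 192.84.67.128/255.255.255.192
    Allow from 1.1.1.0/24 1.1.2.0/24
    Allow from 2400:cb00:2048:1::/64
</Directory>
"""

def parse(block):
    """Return (order, allow_list, deny_list) for a 2.2-style access block."""
    order, rules = "deny,allow", {"allow": [], "deny": []}  # 2.2 default order
    for line in block.splitlines():
        words = line.lower().split()
        if len(words) >= 2 and words[0] == "order":
            order = words[1]
        elif len(words) >= 3 and words[0] in rules and words[1] == "from":
            for spec in words[2:]:
                # "all" matches every client; strict=False masks host bits
                rules[words[0]].append(
                    "all" if spec == "all"
                    else ipaddress.ip_network(spec, strict=False))
    return order, rules["allow"], rules["deny"]

def matches(client, specs):
    """True if the client address falls in any listed range (or 'all')."""
    ip = ipaddress.ip_address(client)
    return any(s == "all" or (ip.version == s.version and ip in s)
               for s in specs)

def allowed(client, block):
    """Model how Order combines the Allow and Deny lists (hypothetical helper)."""
    order, allow, deny = parse(block)
    a, d = matches(client, allow), matches(client, deny)
    if order == "deny,allow":
        return a or not d   # default allow; an Allow match overrides Deny
    return a and not d      # allow,deny: default deny; a Deny match wins

if __name__ == "__main__":
    for client in ("192.84.67.130", "208.83.67.156", "2400:cb00:2048:1::5"):
        print(client, allowed(client, SAMPLE))
```

With `Order allow,deny` the same two lists deny every client, because the `Deny from all` match wins; that is the reason for reversing the order when `Deny from all` is combined with an allow list.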
Robert Moskowitz wrote:
> My web searching is not finding out the answers to this, so I turn to you all here.
> I am trying to NOT modify my httpd/conf/httpd.conf file, and only make changes via includes. I have done that with a 00-init.conf where I set things like servername and serveradmin.
Is that all in /etc/httpd/conf.d? Is there a Listen: or VirtualHost directive?
mark
On 10/07/2014 12:29 PM, m.roth@5-cent.us wrote:
> Is that all in /etc/httpd/conf.d? Is there a Listen: or VirtualHost directive?
Yes, I left off /etc/ from all places shown.
Yes, there is a Listen. The VirtualHost config is coming as soon as I can build the current RoundCube.