[CentOS] OT - httpd/conf.d include questions - allowing only some addresses
Robert Moskowitz
rgm at htt-consult.com
Tue Oct 7 13:47:29 UTC 2014
On 10/07/2014 09:32 AM, Valeri Galtsev wrote:
> On Tue, October 7, 2014 8:06 am, Robert Moskowitz wrote:
>> My web searching is not finding out the answers to this, so I turn to
>> you all here.
>>
>> I am trying to NOT modify my httpd/conf/httpd.conf file, and only make
>> changes via includes. I have done that with a 00-init.conf where I set
>> things like servername and serveradmin. Now I want to move my allow and
>> denies to a 01-allow.conf include. I tried:
>>
>> <Directory "/var/www/html">
>> Order allow,deny
>> deny from all
>> </Directory>
>>
>> as that seems to be what is in the default conf, but I see in the
>> error_log:
>>
>> [Tue Oct 07 08:51:58 2014] [error] [client 208.83.67.156] Directory
>> index forbidden by Options directive: /var/www/html/
>>
> For apache to automatically generate index, you need to have the following
> directive:
>
> Options Indexes
>
> If there is no such directive, and no index.html (or index.php, or
> whichever you described as index in config), you will get that error. Read
> the apache documentation to see how settings for a directory affect
> subdirectories.

Of course, if I am going to preempt the provided directory directive, I
have to have all the needed content. So I tried:

<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Order deny,allow
allow from 192.84.67.128/255.255.255.0
deny from all
</Directory>

where the allowed address is not mine, and I still get the default
access page. Almost like the content later in the default httpd.conf is
overriding my include.

Or is it since I have no provided content, that default screen is coming
from somewhere else...

No, I created a /var/www/html/index.html with only the line 'Hello
World', and it gets displayed. So my deny,allow is not working...
>
> Valeri
>
>> And maybe this is not the right restriction, because when I make this
>> change directly in the default httpd.conf, I still can get to the
>> default web page.
>>
>> Now on to the 'allow' statement. All syntax examples I have seen for it
>> follow:
>>
>> allow from 1.1.1.0/24 1.1.2.0/24 2400:cb00:2048:1::/64
>>
>> and so forth. That is each range separated by a space. But potentially
>> I have 18 ranges to specify, and at least named makes it easy with each
>> range on its own line ending with a ';'. For now I am only putting 2
>> ranges in, but how does one set up a longer list of allowed ranges?
>>
>> thanks
>>
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>
>
> ++++++++++++++++++++++++++++++++++++++++
> Valeri Galtsev
> Sr System Administrator
> Department of Astronomy and Astrophysics
> Kavli Institute for Cosmological Physics
> University of Chicago
> Phone: 773-702-4247
> ++++++++++++++++++++++++++++++++++++++++
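
As an added example (not part of the original thread), here is a small Python model of the Apache 2.2 Order/Allow/Deny evaluation rules documented for mod_authz_host, run over the block from the message and over a variant with one range per Allow line. The function names are hypothetical, and hostnames, partial addresses and env= forms are not modelled.

```python
import ipaddress

# Constructed sample: the <Directory> body from the message above.
MAIL_CONF = """
Order deny,allow
allow from 192.84.67.128/255.255.255.0
deny from all
"""

# Constructed sample: one range per Allow line (ranges taken from the question).
MULTI_CONF = """
Order deny,allow
Deny from all
Allow from 1.1.1.0/24
Allow from 1.1.2.0/24
Allow from 2400:cb00:2048:1::/64
"""

def parse(conf_text):
    """Return (order, allow_specs, deny_specs); repeated lines accumulate."""
    order, specs = "deny,allow", {"allow": [], "deny": []}  # 2.2 default Order
    for line in conf_text.splitlines():
        words = line.split("#")[0].split()
        if len(words) < 2:
            continue
        key = words[0].lower()
        if key == "order":
            order = words[1].lower()
        elif key in specs and words[1].lower() == "from":
            specs[key].extend(words[2:])
    return order, specs["allow"], specs["deny"]

def matches(client, specs):
    """True if client falls in any spec ('all', CIDR, or address/netmask)."""
    ip = ipaddress.ip_address(client)
    for spec in specs:
        if spec.lower() == "all":
            return True
        net = ipaddress.ip_network(spec, strict=False)  # host bits masked off
        if net.version == ip.version and ip in net:
            return True
    return False

def is_allowed(conf_text, client):
    order, allow, deny = parse(conf_text)
    a, d = matches(client, allow), matches(client, deny)
    if order == "allow,deny":   # default deny; a Deny match beats an Allow match
        return a and not d
    return a or not d           # deny,allow: default allow; an Allow match wins
```

Under these rules the client address from the error_log line is refused by both samples, and Allow directives spread over several lines behave the same as one space-separated line.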