[CentOS] OT - httpd/conf.d include questions - allowing only some addresses
Robert Moskowitz
rgm at htt-consult.com
Tue Oct 7 15:29:30 UTC 2014
On 10/07/2014 11:22 AM, Johnny Hughes wrote:
> On 10/07/2014 08:47 AM, Robert Moskowitz wrote:
>> On 10/07/2014 09:32 AM, Valeri Galtsev wrote:
>>> On Tue, October 7, 2014 8:06 am, Robert Moskowitz wrote:
>>>> My web searching is not finding out the answers to this, so I turn to
>>>> you all here.
>>>>
>>>> I am trying to NOT modify my httpd/conf/httpd.conf file, and only make
>>>> changes via includes. I have done that with a 00-init.conf where I set
>>>> things like servername and serveradmin. Now I want to move my allow and
>>>> denies to a 01-allow.conf include. I tried:
>>>>
>>>> <Directory "/var/www/html">
>>>> Order allow,deny
>>>> deny from all
>>>> </Directory>
>>>>
>>>> as that seems to be what is in the default conf, but I see in the
>>>> error_log:
>>>>
>>>> [Tue Oct 07 08:51:58 2014] [error] [client 208.83.67.156] Directory
>>>> index forbidden by Options directive: /var/www/html/
>>>>
>>> For apache to automatically generate index, you need to gave the
>>> following
>>> directive:
>>>
>>> Options Indexes
>>>
>>> If there is no such directive, and no index.html (or index.php, or
>>> whichever you described as index in config), you will get that error.
>>> Read
>>> on apache documentation to see how setting for diretory affect
>>> subdirectories.
>> Of course, if I am going to preempt the provided directory directive, I
>> have to have all the needed content. So I tried:
>>
>> <Directory "/var/www/html">
>> Options Indexes FollowSymLinks
>> AllowOverride None
>> Order deny,allow
>> allow from 192.84.67.128/255.255.255.0
>> deny from all
>> </Directory>
>>
>> where the allowed address is not mine, and I still get the default
>> access page. Almost like the content later in the default httpd.conf is
>> overriding my include.
>>
>>
>> Or is it since I have no provided content, that default screen is coming
>> from somewhere else...
>>
>> No, I created a /var/www/html/index.html with only the line 'Hello
>> World', and it gets displayed. So my deny,allow is not working...
>>
> You did not (that I see) say what version of CentOS this is for. The
> newer CentOS-7 apache uses different commands for this than CentOS-5 and
> CentOS-6.
Now THAT is something to watch out for...
Centos 6.
And it seems for IPv4 CIDR addresses you have to use net/mask, not net/bits.
192.84.67.128/255.255.255.192
not
192.84.67.128/26
More information about the CentOS
mailing list