Re: [users@httpd] Directory/Virtualhost & ACLs.

Tue, 25 Jul 2006 05:02:28 -0700 

On Mon, 24 Jul 2006, Joshua Slive wrote:


On 7/24/06, Chris Johnson <[EMAIL PROTECTED]> wrote:

      Hey all,

      Have a messy config question here.

      Directory and Virtualhost seem to fire up what amounts to their
own ACLs, i.e. order, allow and deny.  We just got hit last week by an
autamate that probed the server, found some  forms and then submited a
bunch of them.  Obviously we would very much like to block this
sillyness whenever possible.

      I can set up an order/allow/deny set easily enough.  The problem
comes when you're running a few Directory blocks as well as
virtualhosts.  It gets really messy chasing down every ACL to update
them.

      The first obvious solution is a common include file included in
each directory or virtualhost block where needed.  That way everything
is in one file and it's easy to main the ACL.

      But this sort of thing must be pretty common these days.

      So, first question.  Do Directory and Virtualhost blocks have
their own ACLs?  Seem to from where I'm sitting.


They do, but they will inherit from the parent context when nothing is
specified.
See:
http://httpd.apache.org/docs/2.2/sections.html#mergin



      Second.  Is there any other/better way to deal with this
annoyance?  What do ohers do?


Use Order/Allow/Deny directives only where you need to change the
permissions applied to a parent context.  Otherwise, leave them out.
Excuse me, I shave asked the following. Should this be true for Apache 1.3 as well? Because I'm not seeing it. 

--------------------------------------------------------------------------------
Chris Johnson               |Internet: [EMAIL PROTECTED]
Systems Administrator       |Web:      http://www.nmr.mgh.harvard.edu/~johnson
NMR Center                  |Voice:    617.726.0949
Mass. General Hospital      |FAX:      617.726.7422
149 (2301) 13th Street |God must love stupid people. She keeps making Charlestown, MA., 02129 USA |them in such horrifyingly large numbers. Me 
--------------------------------------------------------------------------------

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to