Re: [users@httpd] Trouble-shooting Apache 2.2 Alias

[Leam Hall]

Hey Jonathon, SELinux is on permissive. Checked that early on.  :)
The biggest clue for me seems to be that if we open up the "<Directory 
/>" to Allow by default things work. Otherwise they don't.

Leam

On 10/28/18 9:26 AM, Jonathon Koyle wrote:
It may be getting denied by SELinux, I suspect the label on your aliased 
directory die not allow httpd access.  You will likely need to look into 
semanage, something like this may do what you need, but I'm not an 
expert at SELinux myself... redhat provides some explanation here: 
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/sect-security-enhanced_linux-troubleshooting-top_three_causes_of_problems#sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Labeling_Problems 


# semanage fcontext -a -t httpd_sys_content_t 
'/opt/repository/rhel_updates(.*)?'
# restorecon -R -v /opt/repository/rhel_updates


On Sat, Oct 27, 2018, 06:08 Leam Hall <leamh...@gmail.com 
<mailto:leamh...@gmail.com>> wrote:

    On 10/27/18 7:49 AM, Eric Covener wrote:
     > On Sat, Oct 27, 2018 at 7:29 AM Leam Hall <leamh...@gmail.com
    <mailto:leamh...@gmail.com>> wrote:
     >>
     >> The only fix seems to be making the "<Directory />" more open
    than we
     >> want. It seems like Apache can't handle a more open
    sub-directory than
     >> whatever is allowed for the root directory.
     >
     > Apache can handle that just fine.  Show the smallest verbatim
     > configuration that demonstrates something unexpected along w/ the
     > logs.


    Hey Eric, I appreciate the help! Here's what I have, though it is
    transcribed.

    Set locally required limited OS access.

             <Directory />
               Options None
               Order deny,allow
               Deny from all
             </Directory>

    We use Apache as a yum repo, and store the rpms outside of the
    DocumentRoot.

             Alias "/rhel/updates" "/opt/repository/rhel_patch_updates"
             <Directory "/opt/repository/rhel_patch_updates">
               Options All
               Order allow,deny
               Allow from all
             </Directory>


    When we hit 'http://myserver/rhel/updates' the error_log says it is
    denied by server configuration. I've set the LogLevel to "debug" and
    that's all I get. The log is at work, sorry. I'm the one who did the
    server configuration so my bet is "operator error", just not sure
    how to
    fix it.

    Appreciate any help you can provide. Thanks!

    Leam



    ---------------------------------------------------------------------
    To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
    <mailto:users-unsubscr...@httpd.apache.org>
    For additional commands, e-mail: users-h...@httpd.apache.org
    <mailto:users-h...@httpd.apache.org>



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org