The only other thing I can think of right now is that either the <Directory /opt/repository/rhel_patch_updates> config is somehow not included (but in that case the Alias probably wouldn't work either), or it is before the <Directory /> block, which then overrides the former. All of this is assuming that you only have two <Directory> blocks in your config. Anyway, order matters.
On Mon, Oct 29, 2018 at 1:39 AM Leam Hall <leamh...@gmail.com> wrote: > Hey Jonathon, SELinux is on permissive. Checked that early on. :) > > The biggest clue for me seems to be that if we open up the "<Directory > />" to Allow by default things work. Otherwise they don't. > > Leam > > On 10/28/18 9:26 AM, Jonathon Koyle wrote: > > It may be getting denied by SELinux, I suspect the label on your aliased > > directory die not allow httpd access. You will likely need to look into > > semanage, something like this may do what you need, but I'm not an > > expert at SELinux myself... redhat provides some explanation here: > > > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/sect-security-enhanced_linux-troubleshooting-top_three_causes_of_problems#sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Labeling_Problems > > > > > > # semanage fcontext -a -t httpd_sys_content_t > '/opt/repository/rhel_updates(.*)?' > > # restorecon -R -v /opt/repository/rhel_updates > > > > > > On Sat, Oct 27, 2018, 06:08 Leam Hall <leamh...@gmail.com > > <mailto:leamh...@gmail.com>> wrote: > > > > On 10/27/18 7:49 AM, Eric Covener wrote: > > > On Sat, Oct 27, 2018 at 7:29 AM Leam Hall <leamh...@gmail.com > > <mailto:leamh...@gmail.com>> wrote: > > >> > > >> The only fix seems to be making the "<Directory />" more open > > than we > > >> want. It seems like Apache can't handle a more open > > sub-directory than > > >> whatever is allowed for the root directory. > > > > > > Apache can handle that just fine. Show the smallest verbatim > > > configuration that demonstrates something unexpected along w/ the > > > logs. > > > > > > Hey Eric, I appreciate the help! Here's what I have, though it is > > transcribed. > > > > Set locally required limited OS access. > > > > <Directory /> > > Options None > > Order deny,allow > > Deny from all > > </Directory> > > > > We use Apache as a yum repo, and store the rpms outside of the > > DocumentRoot. > > > > Alias "/rhel/updates" "/opt/repository/rhel_patch_updates" > > <Directory "/opt/repository/rhel_patch_updates"> > > Options All > > Order allow,deny > > Allow from all > > </Directory> > > > > > > When we hit 'http://myserver/rhel/updates' the error_log says it is > > denied by server configuration. I've set the LogLevel to "debug" and > > that's all I get. The log is at work, sorry. I'm the one who did the > > server configuration so my bet is "operator error", just not sure > > how to > > fix it. > > > > Appreciate any help you can provide. Thanks! > > > > Leam > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > > <mailto:users-unsubscr...@httpd.apache.org> > > For additional commands, e-mail: users-h...@httpd.apache.org > > <mailto:users-h...@httpd.apache.org> > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
