httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r..@ai.mit.edu (Robert S. Thau)
Subject Re: patch? (Patch to fix the fatal missing VHost dir)
Date Sat, 01 Jun 1996 23:48:49 GMT
  This is fine, but refresh my memory - are srm.conf, httpd.conf, and 
  access.conf all complete opaque as to where directives can go?

They are.  All three files are processed by the exact same code, which
does not discriminate between them.  If you want to run with everything
in a single httpd.conf file, the only catch is that you have to set
ResourceConfig and AccessConfig to /dev/null in that single httpd.conf,
to keep the server from complaining that it can't find them.

  It might also be nice to make sure a situation like the following doesn't 
  happen - I have a main httpd.conf and a bunch of sub-conf files which 
  each do configuration for one virtualhost, and then I set ownerships and 
  permissions for each of those so that separate people are editing them.  
  I obviously don't want one of the vhost-conf maintainers to be able to 
  set the User directive.

Hmmm... perhaps what you want in that case is an Include config-file 
directive, which would allow you to say:

  <VirtualHost vhost1...>
  Include configs/vhost1
  </VirtualHost>

  <VirtualHost vhost2...>
  Include configs/vhost2
  </VirtualHost>

That Include command is not hard at all to implement... the trick is
making sure that a </VirtualHost> inside one of the included files won't
get a malefic user back up to top level (though I suppose if anyone tried,
the subsequent </VirtualHost> inside httpd.conf itself would then be a
syntax error, and the server would refuse to start because of it; not the
gentlest of error-handling mechanisms, but it at least reduces the problem
from security breach to denial of service).

Note that such an Include command would *not* do everything that you can
do with ConfigDir itself --- in particular, if anyone winds up writing a
fancy forms-based config tool, it could be very helpful to be able to just
have an individual file per <VirtualHost>, <Directory>, etc., and be assured
that the server will read them all on startup in one swell foop.  Then 
again, I suppose an Include that took wildcards *would* subsume ConfigDir:

  Include confdir/*

Ah, well.  Noodle, noodle noodle.

rst

Mime
View raw message