httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Johnson <john...@nmr.mgh.harvard.edu>
Subject Re: [users@httpd] Directory/Virtualhost & ACLs.
Date Tue, 25 Jul 2006 12:02:00 GMT
On Mon, 24 Jul 2006, Joshua Slive wrote:

> On 7/24/06, Chris Johnson <johnson@nmr.mgh.harvard.edu> wrote:
>>       Hey all,
>> 
>>       Have a messy config question here.
>> 
>>       Directory and Virtualhost seem to fire up what amounts to their
>> own ACLs, i.e. order, allow and deny.  We just got hit last week by an
>> autamate that probed the server, found some  forms and then submited a
>> bunch of them.  Obviously we would very much like to block this
>> sillyness whenever possible.
>> 
>>       I can set up an order/allow/deny set easily enough.  The problem
>> comes when you're running a few Directory blocks as well as
>> virtualhosts.  It gets really messy chasing down every ACL to update
>> them.
>> 
>>       The first obvious solution is a common include file included in
>> each directory or virtualhost block where needed.  That way everything
>> is in one file and it's easy to main the ACL.
>> 
>>       But this sort of thing must be pretty common these days.
>> 
>>       So, first question.  Do Directory and Virtualhost blocks have
>> their own ACLs?  Seem to from where I'm sitting.
>
> They do, but they will inherit from the parent context when nothing is
> specified.
> See:
> http://httpd.apache.org/docs/2.2/sections.html#mergin
>
>> 
>>       Second.  Is there any other/better way to deal with this
>> annoyance?  What do ohers do?
>
> Use Order/Allow/Deny directives only where you need to change the
> permissions applied to a parent context.  Otherwise, leave them out.
>
>

      Excuse me, I shave asked the following.  Should this be true for 
Apache 1.3 as well?  Because I'm not seeing it.

--------------------------------------------------------------------------------
Chris Johnson               |Internet: johnson@nmr.mgh.harvard.edu
Systems Administrator       |Web:      http://www.nmr.mgh.harvard.edu/~johnson
NMR Center                  |Voice:    617.726.0949
Mass. General Hospital      |FAX:      617.726.7422
149 (2301) 13th Street      |God must love stupid people.  She keeps making 
Charlestown, MA., 02129 USA |them in such horrifyingly large numbers.  Me
--------------------------------------------------------------------------------

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message