httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Johnson <>
Subject Re: [users@httpd] Directory/Virtualhost & ACLs.
Date Tue, 25 Jul 2006 12:02:00 GMT
On Mon, 24 Jul 2006, Joshua Slive wrote:

> On 7/24/06, Chris Johnson <> wrote:
>>       Hey all,
>>       Have a messy config question here.
>>       Directory and Virtualhost seem to fire up what amounts to their
>> own ACLs, i.e. order, allow and deny.  We just got hit last week by an
>> autamate that probed the server, found some  forms and then submited a
>> bunch of them.  Obviously we would very much like to block this
>> sillyness whenever possible.
>>       I can set up an order/allow/deny set easily enough.  The problem
>> comes when you're running a few Directory blocks as well as
>> virtualhosts.  It gets really messy chasing down every ACL to update
>> them.
>>       The first obvious solution is a common include file included in
>> each directory or virtualhost block where needed.  That way everything
>> is in one file and it's easy to main the ACL.
>>       But this sort of thing must be pretty common these days.
>>       So, first question.  Do Directory and Virtualhost blocks have
>> their own ACLs?  Seem to from where I'm sitting.
> They do, but they will inherit from the parent context when nothing is
> specified.
> See:
>>       Second.  Is there any other/better way to deal with this
>> annoyance?  What do ohers do?
> Use Order/Allow/Deny directives only where you need to change the
> permissions applied to a parent context.  Otherwise, leave them out.

      Excuse me, I shave asked the following.  Should this be true for 
Apache 1.3 as well?  Because I'm not seeing it.

Chris Johnson               |Internet:
Systems Administrator       |Web:
NMR Center                  |Voice:    617.726.0949
Mass. General Hospital      |FAX:      617.726.7422
149 (2301) 13th Street      |God must love stupid people.  She keeps making 
Charlestown, MA., 02129 USA |them in such horrifyingly large numbers.  Me

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message