httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yoom Nguyen <y...@hostwebase.com>
Subject Re: [users@httpd] Apache directory access & Suse AppArmor
Date Thu, 16 Oct 2008 23:09:51 GMT
Eric,

I am clear with how AppArmor work and how to set them up correctly.
What I do not have a clear picture is why this setting below
still not allow any network to access this particular directory
unless I have it define as ALLOW FROM ALL.

** This syntax and options will work ****
  <Directory "/srv/www/my-domain/images/">
     Allow from all
  </Directory>



** This syntax and options will not allow any network to access *********
  <Directory "/srv/www/my-domain/images/">
     Options None
     Order deny,allow
     Deny from all
     Allow from 172.10.10.0/255.255.255.0
  </Directory>



** However, if I use this syntax and options it will work or allow every network ****
  <Directory "/srv/www/my-domain/images/">
     Allow from all
  </Directory>



Thank you,

Y




----- Original Message -----
From: "Eric Covener" <covener@gmail.com>
To: users@httpd.apache.org
Sent: Thursday, October 16, 2008 1:48:23 PM (GMT-0500) America/New_York
Subject: Re: [users@httpd] Apache directory access & Suse AppArmor

On Wed, Oct 15, 2008 at 10:55 PM, Yoom Nguyen <yoom@hostwebase.com> wrote:
> Eric,
>
> I got most of what you described but there are still something unclear to me.
> If I want the WHOLE directory /images to allow view by the OS (AppArmor) and deny view
via the network by
> every other network except net work 172.10.10.0/255.255.255.0 to read.
> Only allow network 172.10.10.0/255.255.255.0 to view or access.
> What are the syntax look like?

Sorry, I can only speak to the Apache side of it, which looks fine. Of
course if you configure your OS to make something unreadable, the
apache access control is moot.


> 2. From Appache configuration file, add the following lines:
>
>  <Directory "/srv/www/my-domain/images/">
>     Options None
>     Order deny,allow
>     Deny from all
>     Allow from 172.10.10.0/255.255.255.0
>  </Directory>



-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message