httpd-users mailing list archives

From Matthew Berry <matthew.william.be...@gmail.com>
Subject [users@httpd] SCGI and Order
Date Thu, 08 Dec 2011 06:00:39 GMT
Hello, I opted to send a message to this list as an alternative to
filing a bug report as per the procedures on the Apache website. I'll
do my best to describe what I've seen in order to best aid those who
are nice enough to offer help.

What I am seeing is a situation where access to a directory has been
restricted using the following abbreviated config file, and everything
works just fine. Then, after adding this line: "SCGIMount /log
127.0.0.1:5000", requests to /log are served even though they had
previously been blocked. I am assuming that this is some sort of bug
or oversight, or that I am completely misunderstanding how security
works in Apache. I've previously posted this question over at
LinuxQuestions and have not yet received any offers after about 3
weeks. The thread can be found here:
http://www.linuxquestions.org/questions/linux-security-4/scgimount-on-apache2-bypasses-order-allow-deny-914427/

<VirtualHost *:81>
        ServerAdmin xxxx@xxx.xxx
        ServerName  www.xxxxx.xxx:81
        DocumentRoot /var/www
        LogLevel warn
        ErrorLog /var/log/apache2/altport-error.log
        CustomLog /var/log/apache2/altport-access.log combined
        <Directory />
                Options FollowSymLinks
                AllowOverride None
                Order allow,deny
                Deny from all
        </Directory>
        <Directory /var/www>
                Order allow,deny
                Allow from all
        </Directory>
        <Directory /var/www/log>
                Order allow,deny
                Deny from all
        </Directory>
</VirtualHost>

Sincerely,
Matthew Berry

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
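
Added example, not part of the original message or of the Apache project's code: a small audit check for the situation described above. It assumes, per Apache's configuration-sections documentation, that <Directory> blocks apply to filesystem paths while <Location> blocks apply to URL paths, so a URL prefix handed to a backend by SCGIMount needs its restriction in a <Location> block. The function names and the corrected config are hypothetical.

```python
import re

# Constructed sample: the poster's vhost, abbreviated, plus the SCGIMount line.
SAMPLE_CONF = """\
<VirtualHost *:81>
    DocumentRoot /var/www
    <Directory /var/www/log>
        Order allow,deny
        Deny from all
    </Directory>
    SCGIMount /log 127.0.0.1:5000
</VirtualHost>
"""

# Hypothetical corrected variant: the same restriction stated on the URL path.
FIXED_CONF = SAMPLE_CONF.replace(
    "</VirtualHost>",
    "    <Location /log>\n        Order allow,deny\n        Deny from all\n"
    "    </Location>\n</VirtualHost>")

ACCESS = re.compile(r"^(order|allow|deny|require)\b", re.I)
LOC_OPEN = re.compile(r'<Location\s+"?([^">\s]+)"?\s*>', re.I)

def covers(loc, url):
    """True if <Location loc> applies to url (prefix match on path segments)."""
    loc = loc.rstrip("/")
    return loc == "" or url == loc or url.startswith(loc + "/")

def uncovered_mounts(conf):
    """Return SCGIMount URL prefixes that no <Location> block with access
    directives covers. Only presence is checked, not what the rules permit."""
    mounts, guarded, current = [], [], None
    for raw in conf.splitlines():
        line = raw.strip()
        opened = LOC_OPEN.match(line)
        if opened:
            current = opened.group(1)
        elif line.lower().startswith("</location>"):
            current = None
        elif current is not None and ACCESS.match(line):
            guarded.append(current)
        elif line.lower().startswith("scgimount"):
            mounts.append(line.split()[1])
    return [u for u in mounts if not any(covers(g, u) for g in guarded)]

if __name__ == "__main__":
    print("original:", uncovered_mounts(SAMPLE_CONF))
    print("with <Location>:", uncovered_mounts(FIXED_CONF))
```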