httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matthieu Moy <Matthieu....@grenoble-inp.fr>
Subject Re: [users@httpd] "Deny" directives silently ignored in config files
Date Thu, 26 Apr 2012 14:25:58 GMT
Noel Butler <noel.butler@ausics.net> writes:

> On Mon, 2012-04-23 at 09:04 +0200, Matthieu Moy wrote:
>
>     Noel Butler <noel.butler@ausics.net> writes:
>     
>     > Right, so have you changed it to Directory and does it now work?
>     
>     I tried <Directory>, and it did not work.  -
>
> You definitely have something broken then if Deny does not work in a Directory statement

I found the guilty line in the configuration, but I still don't
understand what's going on.

I had this at the end of /etc/apache2/apache2.conf:

<Location />
     Deny from <some IP address to blacklist>
</Location>

Removing these lines solves the issue: other Deny directives (in
/etc/apache2 and in .htaccesses) are now taken into account.

I still have two problems (much less serious) :

1) I'd like to understand what was going on. From my understanding, the
line above shouldn't have disabled other "Deny from" directives. Since
<Location> are taken into account after <Directory>, I'd understand that
a "Order" directive could be problematic, but not how a <Location> can
be so.

2) If possible, I'd like to have a way to blacklist IPs without
breaking everything else. That's secondary since the server can also use
iptables rules for blacklisting.

I tried several variants, like using <Directory> instead of <Location
/>, adding Order allow,deny before the Deny. With <Directory>, it works
essentially as I'd have expected: <Directory /> is ineffective since it
is overridden by more precise <Directory /www/.../> directives. It works
if I apply it to subdirectories of the DocumentRoot, but that's not
really conveinient.

Thanks,

-- 
Matthieu Moy
http://www-verimag.imag.fr/~moy/

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message