httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kirk Woellert <kdwo...@gmail.com>
Subject [users@httpd] Apache virtualhost order deny, allow works only on localhost; ignores public IP for allow
Date Fri, 21 Jun 2013 18:23:43 GMT
First time posting to the mail list-
Environment:
RHEL6
Apache v2.2
UserDir configured/works great
SuExec configured/works great

I have restricted access to user directories as follows:

<Directory /home/*/public_html>
    Options MultiViews +ExecCGI
    AddHandler cgi-script .cgi .pl
    Order Deny,Allow
    Deny from All
</Directory>

An existing vhost with a FQDN works great. The big picture:

vhost block1: default site (/var/www)
vhost block 2: site that works great
vhost block 3: site that does not seem to obey order, deny,allow
directives...

Blocks 2 and 3 are identical, except for the access directives and the
various paths,etc.
For vhost 3, I want to allow access on the localhost, and, one IP from the
Internet (redacted). Apache serves the site locally but, I can't access the
site from the public  "xxx...." IP.  I'm using a physical path to test from
the public IP as follows: xxx.xxx.xxx.xxx/~user/test/index.html

Here is vhost block 2, works great:
<VirtualHost *:80>
    ServerName user2Site
    ServerAlias user2Site
    DocumentRoot /home/user2/public_html/user2Site
    <IfModule mod_fcgid.c>
        SuexecUserGroup test test
        <Directory /home/user2/public_html/user2Site>
            Order Allow,Deny
            Allow from all
            Options +ExecCGI
            DirectoryIndex index.php index.html
            AllowOverride All
            AddHandler fcgid-script .php
            FcgiWrapper /var/www/php-fcgi-scripts/user2/php-fcgi-starter
.php
        </Directory>
    </IfModule>
</VirtualHost>

Here is vhost block 3 site giving me problems:

<VirtualHost *:80>
    ServerName test
    ServerAlias test
    DocumentRoot /home/user3/public_html/test
    <IfModule mod_fcgid.c>
        SuexecUserGroup test test
        <Directory /home/user3/public_html/test>
            Order Deny,Allow
            Deny from all
            Allow from xxx.xxx.xxx.xxx 127
            Options +ExecCGI
            DirectoryIndex index.php index.html
            AllowOverride All
            AddHandler fcgid-script .php
            FcgiWrapper /var/www/php-fcgi-scripts/user3/php-fcgi-starter
.php
        </Directory>
    </IfModule>
</VirtualHost>

I don't have a FQDN as yet, so I just made a entry in /etc/hosts as follows:
127.0.0.1 test

Here is an excerpt from the Apache error log:
[Mon Jun 17 12:02:16 2013] [error] [client xxx.xxx.xxx.xxx] client denied
by server configuration: /home/user3/public_html/test/index.html

I checked the suxec log and no errors are reported, the php starter script
works as expected.

I've read the Apache docs and surfed the web a few days checking out other
folks with similar problems. What am I missing?
-
Kirk Woellert

Mime
View raw message