httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel D Jones <ddjo...@riddlemaster.org>
Subject Re: [users@httpd] Associate Alias with a VirtualHost
Date Sun, 03 Jan 2010 19:44:14 GMT
On Sunday 03 January 2010 13:48:09 Eric Covener wrote:
> On Sun, Jan 3, 2010 at 1:24 PM, Daniel D Jones <ddjones@riddlemaster.org> 
wrote:
> > I want this alias to take affect only under the SSL virtual host
> >
> > I could, of course, move the Alias and associated configs under the
> > <VirtualHost> section of 000-default, but that rather defeats the purpose
> > of having split config files.

Thanks for the assist.

> If you don't want to put the alias in the proper context (your own SSL
> VirtualHost), you can configure it globally and redirect to SSL in a
> <Directory> container:
> http://wiki.apache.org/httpd/RedirectSSL

Given:

Alias /blah /usr/share/blah

I was able to redirect by putting

Redirect permanent /blah https://www.mydomain.com/blah

in the global section of 000-default.  (That is, it's under <VirtualHost *> 
but not under a <Directory> container.)  My first attempt was:

Redirect permanent /usr/share/blah https://www.mydomain.com/blah

Specifying the full path did not work.  This seems a bit inconsistent, since 
redirects under the DocumentRoot specify the full path, including the path to 
the DocumentRoot.

This is acceptable but I'd prefer to just block access from http rather than 
redirect.  Neither of the following two approaches, placed under the default 
<VirtualHost *>, worked:

      <Directory /blah>
                AllowOverride None
                Order deny,allow
                Deny from all
        </Directory>

      <Directory /usr/share/blah>
                AllowOverride None
                Order deny,allow
                Deny from all
        </Directory>

But the following:

      <Directory /var/www/ssl>
                AllowOverride None
                Order deny,allow
                Deny from all
        </Directory>
 
where /var/www is the document root, does get denied from http.

> Split config files allow the packager to maintain a subset of your
> config files, and allow other packages to drop config files into place
> without editing existing files, but there's little cause for adding
> directives out of context to keep them tidy in some filesystem layout
> that Apache doesn't care about.

The conf.d file was installed by a package, and I'd prefer not to remove it if 
possible so that future updates to the package won't be confused. I also think 
split config files are easier to edit and maintain by hand but that's just a 
matter of personal preference.

Out of curiosity, what are the advantages/disadvantages of using an alias to 
redirect and simply creating a file link to the appropriate directory under 
DocumentRoot? If I simply created a link /var/www/blah pointing to 
/usr/share/blah, then I could use a <Directory> container to block access, as 
is done with the /var/www/ssl directory above.  I suspect that there are 
security implications but it isn't clear to me what they are.

Thanks again for your time and effort.

-- 
"The most glorious moments in your life are not the so-called days of success, 
but rather those days when out of dejection and despair you feel rise in you a 
challenge to life, and the promise of future accomplishments." - Gustave 
Flaubert

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message