httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gillis J. de Nijs" <gil...@jink.net.INVALID>
Subject Re: [users@httpd] Trouble-shooting Apache 2.2 Alias
Date Mon, 29 Oct 2018 08:14:30 GMT
The only other thing I can think of right now is that either the <Directory
/opt/repository/rhel_patch_updates> config is somehow not included (but in
that case the Alias probably wouldn't work either), or it is before the
<Directory /> block, which then overrides the former.  All of this is
assuming that you only have two <Directory> blocks in your config.  Anyway,
order matters.

On Mon, Oct 29, 2018 at 1:39 AM Leam Hall <leamhall@gmail.com> wrote:

> Hey Jonathon, SELinux is on permissive. Checked that early on.  :)
>
> The biggest clue for me seems to be that if we open up the "<Directory
> />" to Allow by default things work. Otherwise they don't.
>
> Leam
>
> On 10/28/18 9:26 AM, Jonathon Koyle wrote:
> > It may be getting denied by SELinux, I suspect the label on your aliased
> > directory die not allow httpd access.  You will likely need to look into
> > semanage, something like this may do what you need, but I'm not an
> > expert at SELinux myself... redhat provides some explanation here:
> >
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/sect-security-enhanced_linux-troubleshooting-top_three_causes_of_problems#sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Labeling_Problems
> >
> >
> > # semanage fcontext -a -t httpd_sys_content_t
> '/opt/repository/rhel_updates(.*)?'
> > # restorecon -R -v /opt/repository/rhel_updates
> >
> >
> > On Sat, Oct 27, 2018, 06:08 Leam Hall <leamhall@gmail.com
> > <mailto:leamhall@gmail.com>> wrote:
> >
> >     On 10/27/18 7:49 AM, Eric Covener wrote:
> >      > On Sat, Oct 27, 2018 at 7:29 AM Leam Hall <leamhall@gmail.com
> >     <mailto:leamhall@gmail.com>> wrote:
> >      >>
> >      >> The only fix seems to be making the "<Directory />" more open
> >     than we
> >      >> want. It seems like Apache can't handle a more open
> >     sub-directory than
> >      >> whatever is allowed for the root directory.
> >      >
> >      > Apache can handle that just fine.  Show the smallest verbatim
> >      > configuration that demonstrates something unexpected along w/ the
> >      > logs.
> >
> >
> >     Hey Eric, I appreciate the help! Here's what I have, though it is
> >     transcribed.
> >
> >     Set locally required limited OS access.
> >
> >              <Directory />
> >                Options None
> >                Order deny,allow
> >                Deny from all
> >              </Directory>
> >
> >     We use Apache as a yum repo, and store the rpms outside of the
> >     DocumentRoot.
> >
> >              Alias "/rhel/updates" "/opt/repository/rhel_patch_updates"
> >              <Directory "/opt/repository/rhel_patch_updates">
> >                Options All
> >                Order allow,deny
> >                Allow from all
> >              </Directory>
> >
> >
> >     When we hit 'http://myserver/rhel/updates' the error_log says it is
> >     denied by server configuration. I've set the LogLevel to "debug" and
> >     that's all I get. The log is at work, sorry. I'm the one who did the
> >     server configuration so my bet is "operator error", just not sure
> >     how to
> >     fix it.
> >
> >     Appreciate any help you can provide. Thanks!
> >
> >     Leam
> >
> >
> >
> >     ---------------------------------------------------------------------
> >     To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >     <mailto:users-unsubscribe@httpd.apache.org>
> >     For additional commands, e-mail: users-help@httpd.apache.org
> >     <mailto:users-help@httpd.apache.org>
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Mime
View raw message