httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jonathon Koyle <literea...@gmail.com>
Subject Re: [users@httpd] Trouble-shooting Apache 2.2 Alias
Date Sun, 28 Oct 2018 13:26:51 GMT
It may be getting denied by SELinux, I suspect the label on your aliased
directory die not allow httpd access.  You will likely need to look into
semanage, something like this may do what you need, but I'm not an expert
at SELinux myself... redhat provides some explanation here:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/sect-security-enhanced_linux-troubleshooting-top_three_causes_of_problems#sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Labeling_Problems


# semanage fcontext -a -t httpd_sys_content_t
'/opt/repository/rhel_updates(.*)?'
# restorecon -R -v /opt/repository/rhel_updates


On Sat, Oct 27, 2018, 06:08 Leam Hall <leamhall@gmail.com> wrote:

> On 10/27/18 7:49 AM, Eric Covener wrote:
> > On Sat, Oct 27, 2018 at 7:29 AM Leam Hall <leamhall@gmail.com> wrote:
> >>
> >> The only fix seems to be making the "<Directory />" more open than we
> >> want. It seems like Apache can't handle a more open sub-directory than
> >> whatever is allowed for the root directory.
> >
> > Apache can handle that just fine.  Show the smallest verbatim
> > configuration that demonstrates something unexpected along w/ the
> > logs.
>
>
> Hey Eric, I appreciate the help! Here's what I have, though it is
> transcribed.
>
> Set locally required limited OS access.
>
>         <Directory />
>           Options None
>           Order deny,allow
>           Deny from all
>         </Directory>
>
> We use Apache as a yum repo, and store the rpms outside of the
> DocumentRoot.
>
>         Alias "/rhel/updates" "/opt/repository/rhel_patch_updates"
>         <Directory "/opt/repository/rhel_patch_updates">
>           Options All
>           Order allow,deny
>           Allow from all
>         </Directory>
>
>
> When we hit 'http://myserver/rhel/updates' the error_log says it is
> denied by server configuration. I've set the LogLevel to "debug" and
> that's all I get. The log is at work, sorry. I'm the one who did the
> server configuration so my bet is "operator error", just not sure how to
> fix it.
>
> Appreciate any help you can provide. Thanks!
>
> Leam
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Mime
View raw message