httpd-users mailing list archives

From Adrian Gschwend <ml-...@netlabs.org>
Subject [users@httpd] Access control, VirtualHost & Apache 2.4
Date Mon, 06 Jan 2020 18:21:28 GMT
Dear group,

I finally started to migrate an Apache 2.2 config to 2.4. I've read the
migration document at
https://httpd.apache.org/docs/trunk/upgrading.html#run-time but I have a
hard time understanding the new access control model.

My config is mainly VirtualHost sections; in some of them I do have
Directory or Location directives, but others are pretty basic, for
example this one:

--
   <VirtualHost *:80>
      DocumentRoot "/webspace/example.org/blog"
      ServerName blog.example.org
      CustomLog /var/log/httpd/example-access.log combined
      ErrorLog /var/log/httpd/example-error.log
   </VirtualHost>
--

This used to work fine in 2.2 that way but in 2.4 I get an access denied
by default.

In my httpd.conf shipped by FreeBSD I see:

--
#
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
#
<Directory />
    AllowOverride none
    Require all denied
</Directory>
--

So my interpretation is that I have to explicitly allow access to any
other directory, even those in VirtualHost sections.

If I add

--
      <Directory "/">
        Require all granted
      </Directory>
--

This seems to work.

So I wonder what the best practice is: should I add this to each
VirtualHost so the permission is explicitly set, or should I change the
default access that currently denies it?

Or am I completely on the wrong track? I've tried to google a bit on the
topic but I could not find clear recommendations on how to handle it
with VirtualHost.

Any hints are welcome.

Thanks

Adrian
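
An added example, not part of the message above or of the FreeBSD-shipped httpd.conf: the grant scoped to the directory the virtual host actually serves instead of `/`, so the global `Require all denied` keeps covering the rest of the filesystem. The server-wide alternative assumes every site lives under `/webspace`, which the message does not state.

```apache
# Global httpd.conf, as quoted in the message: deny the whole filesystem.
<Directory />
    AllowOverride none
    Require all denied
</Directory>

# Too broad (the variant tried in the message, shown commented out):
# a grant on "/" re-opens every filesystem path for requests handled by
# this vhost, so any path later mapped in via Alias or a symlink is
# served without a further access decision.
#<VirtualHost *:80>
#    <Directory "/">
#        Require all granted
#    </Directory>
#</VirtualHost>

# Scoped: grant only the DocumentRoot of this vhost.
# <Directory> sections are merged from shortest path to longest, so this
# more specific section overrides the deny on "/" for this tree only.
<VirtualHost *:80>
    DocumentRoot "/webspace/example.org/blog"
    ServerName blog.example.org
    CustomLog /var/log/httpd/example-access.log combined
    ErrorLog /var/log/httpd/example-error.log

    <Directory "/webspace/example.org/blog">
        Require all granted
    </Directory>
</VirtualHost>

# Alternative (assumption: all sites live under /webspace): one grant in
# the main server config instead of one per vhost. Vhosts inherit it,
# and everything outside /webspace stays denied.
#<Directory "/webspace">
#    Require all granted
#</Directory>
```

`apachectl configtest` checks the syntax before a reload; requesting a path outside the granted tree should still return 403.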

