Robert Moskowitz
2014-Oct-07 13:06 UTC
[CentOS] OT - httpd/conf.d include questions - allowing only some addresses
My web searching is not finding out the answers to this, so I turn to you all here.

I am trying to NOT modify my httpd/conf/httpd.conf file, and only make changes via includes. I have done that with a 00-init.conf where I set things like servername and serveradmin. Now I want to move my allow and denies to a 01-allow.conf include. I tried:

    <Directory "/var/www/html">
        Order allow,deny
        deny from all
    </Directory>

as that seems to be what is in the default conf, but I see in the error_log:

    [Tue Oct 07 08:51:58 2014] [error] [client 208.83.67.156] Directory index forbidden by Options directive: /var/www/html/

And maybe this is not the right restriction, because when I make this change directly in the default httpd.conf, I still can get to the default web page.

Now on to the 'allow' statement. All syntax examples I have seen for it follow:

    allow from 1.1.1.0/24 1.1.2.0/24 2400:cb00:2048:1::/64

and so forth. That is each range separated by a space. But potentially I have 18 ranges to specify, and at least named makes it easy with each range on its own line ending with a ';'. For now I am only putting 2 ranges in, but how does one set up a longer list of allowed ranges?

thanks

Valeri Galtsev
2014-Oct-07 13:32 UTC
[CentOS] OT - httpd/conf.d include questions - allowing only some addresses
On Tue, October 7, 2014 8:06 am, Robert Moskowitz wrote:
> My web searching is not finding out the answers to this, so I turn to
> you all here.
>
> I am trying to NOT modify my httpd/conf/httpd.conf file, and only make
> changes via includes. I have done that with a 00-init.conf where I set
> things like servername and serveradmin. Now I want to move my allow and
> denies to a 01-allow.conf include. I tried:
>
> <Directory "/var/www/html">
> Order allow,deny
> deny from all
> </Directory>
>
> as that seems to be what is in the default conf, but I see in the
> error_log:
>
> [Tue Oct 07 08:51:58 2014] [error] [client 208.83.67.156] Directory
> index forbidden by Options directive: /var/www/html/
>

For apache to automatically generate index, you need to have the following directive:

    Options Indexes

If there is no such directive, and no index.html (or index.php, or whichever you described as index in config), you will get that error. Read the Apache documentation to see how settings for a directory affect subdirectories.

Valeri

> And maybe this is not the right restriction, because when I make this
> change directly in the default httpd.conf, I still can get to the
> default web page.
>
> Now on to the 'allow' statement. All syntax examples I have seen for it
> follow:
>
> allow from 1.1.1.0/24 1.1.2.0/24 2400:cb00:2048:1::/64
>
> and so forth. That is each range separated by a space. But potentially
> I have 18 ranges to specify, and at least named makes it easy with each
> range on its own line ending with a ';'. For now I am only putting 2
> ranges in, but how does one set up a longer list of allowed ranges?
>
> thanks

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++

Robert Moskowitz
2014-Oct-07 13:33 UTC
[CentOS] OT - httpd/conf.d include questions - allowing only some addresses
One example says to reverse the order to 'deny,allow' if you are denying all and allowing a range of addresses (reading too many manuals and explanations).

That did fix the problem for a specific directory access, but not for the 'global' one.

On 10/07/2014 09:06 AM, Robert Moskowitz wrote:
> My web searching is not finding out the answers to this, so I turn to
> you all here.
>
> I am trying to NOT modify my httpd/conf/httpd.conf file, and only make
> changes via includes. I have done that with a 00-init.conf where I
> set things like servername and serveradmin. Now I want to move my
> allow and denies to a 01-allow.conf include. I tried:
>
> <Directory "/var/www/html">
> Order allow,deny
> deny from all
> </Directory>
>
> as that seems to be what is in the default conf, but I see in the
> error_log:
>
> [Tue Oct 07 08:51:58 2014] [error] [client 208.83.67.156] Directory
> index forbidden by Options directive: /var/www/html/
>
> And maybe this is not the right restriction, because when I make this
> change directly in the default httpd.conf, I still can get to the
> default web page.
>
> Now on to the 'allow' statement. All syntax examples I have seen for
> it follow:
>
> allow from 1.1.1.0/24 1.1.2.0/24 2400:cb00:2048:1::/64
>
> and so forth. That is each range separated by a space. But
> potentially I have 18 ranges to specify, and at least named makes it
> easy with each range on its own line ending with a ';'. For now I am
> only putting 2 ranges in, but how does one set up a longer list of
> allowed ranges?
>
> thanks

m.roth at 5-cent.us
2014-Oct-07 16:29 UTC
[CentOS] OT - httpd/conf.d include questions - allowing only some addresses
Robert Moskowitz wrote:
> My web searching is not finding out the answers to this, so I turn to
> you all here.
>
> I am trying to NOT modify my httpd/conf/httpd.conf file, and only make
> changes via includes. I have done that with a 00-init.conf where I set

Is that all in /etc/httpd/conf.d? Is there a Listen: or VirtualHost directive?

mark

> things like servername and serveradmin. Now I want to move my allow and
> denies to a 01-allow.conf include. I tried:
>
> <Directory "/var/www/html">
> Order allow,deny
> deny from all
> </Directory>
>
> as that seems to be what is in the default conf, but I see in the
> error_log:
>
> [Tue Oct 07 08:51:58 2014] [error] [client 208.83.67.156] Directory
> index forbidden by Options directive: /var/www/html/
>
> And maybe this is not the right restriction, because when I make this
> change directly in the default httpd.conf, I still can get to the
> default web page.
>
> Now on to the 'allow' statement. All syntax examples I have seen for it
> follow:
>
> allow from 1.1.1.0/24 1.1.2.0/24 2400:cb00:2048:1::/64
>
> and so forth. That is each range separated by a space. But potentially
> I have 18 ranges to specify, and at least named makes it easy with each
> range on its own line ending with a ';'. For now I am only putting 2
> ranges in, but how does one set up a longer list of allowed ranges?
>
> thanks
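
An added example, not part of any post in this thread: a 01-allow.conf for Apache 2.2 access control (the Order/Allow/Deny syntax used above), with each allowed range on its own line. The ranges are the ones quoted in the thread; it assumes no later <Directory "/var/www/html"> section overrides this one, since sections for the same path are merged in the order they appear in the configuration and an include is read at the position of its Include line.

```apache
# 01-allow.conf (added example, Apache 2.2 mod_authz_host syntax)

<Directory "/var/www/html">
    # The form tried in the thread:
    #   Order allow,deny
    #   Deny from all
    # With "allow,deny" the Deny lines are evaluated last and the default
    # is deny, so adding Allow lines under it would still block everyone.

    # Deny is evaluated first, then Allow. A client matching an Allow line
    # overrides the blanket Deny; every other client stays denied.
    Order deny,allow
    Deny from all

    # Allow may be repeated and the entries are cumulative, so a long list
    # can be kept one range per line, IPv4 and IPv6 mixed.
    Allow from 1.1.1.0/24
    Allow from 1.1.2.0/24
    Allow from 2400:cb00:2048:1::/64
</Directory>
```

A trailing backslash as the last character on a line also continues a single directive onto the next line. Check the result with `apachectl configtest` before reloading httpd.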