On Wed, Oct 15, 2008 at 8:52 AM, Yoom Nguyen <[EMAIL PROTECTED]> wrote: > Eric, > > It seems if I enable /srv/www/domainroot/images/* via AppArmor then > I don't even need to declare <Directory "/images/"> in Apache configuration > file. Is this true?
It's true that making the files unreadable via the OS prevents Apache from reading them. > > > I assume apache2 will not allow something like this? > <Directory "/images/"> > Options None > Order deny,allow > Deny from all > Allow from 172.24.16.0/255.255.248.0 > Allow from 172.21.160.0/255.255.254.0 > Allow from 65.123.86.50 > Allow from 172.25.15.20 > Allow from 172.25.15.21 > </Directory> You still have "/images/" instead of "/srv/www/domainroot/images/" so I suspect this stanza doesn't do anything. You can use multiple Allow directives. They're largely irrelevant if you've configured the OS to not permit Apache to read the files. > How can I protect an directory without using AppArmor? > Can you provide some example please. http://httpd.apache.org/docs/2.2/sections.html http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html Your default config likely has examples. -- Eric Covener [EMAIL PROTECTED] --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
