Eric,

I am clear on how AppArmor works and how to set it up correctly.
What I do not have a clear picture of is why the setting below
still does not allow any network to access this particular directory
unless I have it defined as ALLOW FROM ALL.

** This syntax and options will work ****
  <Directory "/srv/www/my-domain/images/">
     Allow from all
  </Directory>



** This syntax and options will not allow any network to access *********
  <Directory "/srv/www/my-domain/images/">
     Options None
     Order deny,allow
     Deny from all
     Allow from 172.10.10.0/255.255.255.0
  </Directory>



** However, if I use this syntax and options it will work or allow every 
network ****
  <Directory "/srv/www/my-domain/images/">
     Allow from all
  </Directory>



Thank you,

Y




----- Original Message -----
From: "Eric Covener" <[EMAIL PROTECTED]>
To: users@httpd.apache.org
Sent: Thursday, October 16, 2008 1:48:23 PM (GMT-0500) America/New_York
Subject: Re: [EMAIL PROTECTED] Apache directory access & Suse AppArmor

On Wed, Oct 15, 2008 at 10:55 PM, Yoom Nguyen <[EMAIL PROTECTED]> wrote:
> Eric,
>
> I got most of what you described but there is still something unclear to me.
> If I want the WHOLE directory /images to allow view by the OS (AppArmor) and 
> deny view via the network by
> every other network except network 172.10.10.0/255.255.255.0 to read.
> Only allow network 172.10.10.0/255.255.255.0 to view or access.
> What does the syntax look like?

Sorry, I can only speak to the Apache side of it, which looks fine. Of
course if you configure your OS to make something unreadable, the
apache access control is moot.


> 2. From Apache configuration file, add the following lines:
>
>  <Directory "/srv/www/my-domain/images/">
>     Options None
>     Order deny,allow
>     Deny from all
>     Allow from 172.10.10.0/255.255.255.0
>  </Directory>



-- 
Eric Covener
[EMAIL PROTECTED]

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
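
Added example (not part of the original messages, and not Apache's own code): a small Python model of how Apache 2.2 evaluates Order/Allow/Deny for the two <Directory> blocks quoted in this thread. It assumes only "all" and network/netmask specs are used; the client addresses are constructed samples.

```python
import ipaddress


def matches(spec, client_ip):
    """True if client_ip matches an Allow/Deny 'from' spec.

    Only 'all' and network/netmask (or CIDR) specs are modelled here;
    hostnames, partial IPs and env= are left out.
    """
    if spec.lower() == "all":
        return True
    network = ipaddress.ip_network(spec, strict=False)
    return ipaddress.ip_address(client_ip) in network


def evaluate(order, allow, deny, client_ip):
    """Return True if the request is permitted under Apache 2.2 Order rules."""
    allowed = any(matches(s, client_ip) for s in allow)
    denied = any(matches(s, client_ip) for s in deny)
    order = order.replace(" ", "").lower()
    if order == "deny,allow":
        # Deny is checked first, a matching Allow overrides it,
        # and a request matching neither is permitted.
        return allowed or not denied
    if order == "allow,deny":
        # At least one Allow must match and no Deny may match;
        # a request matching neither is denied.
        return allowed and not denied
    raise ValueError("unsupported Order value: " + order)


# The restricted block from the thread.
RESTRICTED = dict(order="deny,allow",
                  allow=["172.10.10.0/255.255.255.0"], deny=["all"])
# The "Allow from all" block; it has no Order line, so the default
# (deny,allow) applies.
OPEN = dict(order="deny,allow", allow=["all"], deny=[])

# Constructed sample client addresses, not taken from the thread.
SAMPLE_CLIENTS = ["172.10.10.25", "172.10.11.25", "203.0.113.7", "127.0.0.1"]

if __name__ == "__main__":
    for ip in SAMPLE_CLIENTS:
        print(ip,
              "restricted:", evaluate(client_ip=ip, **RESTRICTED),
              "open:", evaluate(client_ip=ip, **OPEN))
```

The address that matters is the remote address Apache sees on the connection, as recorded in its access log; that is the value to compare against the Allow range.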


