Apache Server configuration support - <Directory> in vhost : mod_access ignore it

Author

<Directory> in vhost : mod_access ignore it - Hard Pb.

zorglub

2006-02-13, 8:54 pm

Hi All,
my trouble seem to be difficult :
'Order' directives don't work in a <VirtualHost> .. <Directory> section.
I have tried a lot of configuration, but result are the same.

Typical conf. that DON'T work :

NameVirtualHost 192.168.0.10

<VirtualHost 192.168.0.10>
ServerName myhost.mydomain.com
DocumentRoot /public/myhost/www
<Directory /public/myhost/www>
Order Allow,Deny
</Directory>
</VirtualHost>
OR
the same with
<Directory />
Order Allow,Deny
</Directory>
OR
the same with
<Directory "/*">
OR
<Directory "/public/myhost/www/*">
and so one.
..htaccess in the assigned directory don't work too.
Same directive in subdirectory don't work,
and .htaccess in subdirectory don't work.

The only thing that work is :
<Location />
Order Deny,Allow
Deny from all
</Location>
return a good result.

I can override all options in <Directory> directives,
i can override authentification in .htaccess, and behaviours
are as desired.

I have tried both Allow,Deny - Deny,Allow with a lot of parms.
None work.
The assigned directories are not overriden by others vhost,
nor are the same as the root server.
The root server don't use any Directory directive too.
There's no alias.

It seem that <Directory> access are already done by the server
which don't apply vhost Denied access ; but if so, why others
options can be modified ?

I don't understand anything ! My Apache is 1.3.33, i work
with him since many years, i must use Denied access in a vhost.
Many thanks for helping me, i'm totally stuck.

Zorglub

zorglub

2006-02-13, 8:54 pm

zorglub wrote:
> Hi All,
> my trouble seem to be difficult :
> 'Order' directives don't work in a <VirtualHost> .. <Directory> section.
> I have tried a lot of configuration, but result are the same.
>
> Typical conf. that DON'T work :
>
> NameVirtualHost 192.168.0.10
>
> <VirtualHost 192.168.0.10>
> ServerName myhost.mydomain.com
> DocumentRoot /public/myhost/www
> <Directory /public/myhost/www>
> Order Allow,Deny
> </Directory>
> </VirtualHost>
> OR
> the same with
> <Directory />
> Order Allow,Deny
> </Directory>
> OR
> the same with
> <Directory "/*">
> OR
> <Directory "/public/myhost/www/*">
> and so one.
> .htaccess in the assigned directory don't work too.
> Same directive in subdirectory don't work,
> and .htaccess in subdirectory don't work.
>
> The only thing that work is :
> <Location />
> Order Deny,Allow
> Deny from all
> </Location>
> return a good result.
>
> I can override all options in <Directory> directives,
> i can override authentification in .htaccess, and behaviours
> are as desired.
>
> I have tried both Allow,Deny - Deny,Allow with a lot of parms.
> None work.
> The assigned directories are not overriden by others vhost,
> nor are the same as the root server.
> The root server don't use any Directory directive too.
> There's no alias.
>
> It seem that <Directory> access are already done by the server
> which don't apply vhost Denied access ; but if so, why others
> options can be modified ?
>
> I don't understand anything ! My Apache is 1.3.33, i work
> with him since many years, i must use Denied access in a vhost.
> Many thanks for helping me, i'm totally stuck.
>
> Zorglub

Ok, one half a day to understand one things :
precedence of Root Server Config over Virtual Server Config.

The precedence rules are :
RootServer
Alias
Directory
Location
Virtual Host
Alias
Directory
Location
This is clear for everyone, but :
if you set a rule at RootServer->Location level specifying an Order
access rule for root Location eg :
<Location />
<Limit CONNECT>
...
</Location>
you loose the rule on the Virtual Host level specifying a new
Order access rule at every level under Location, ie Directory, Alias.
The only thing you can do is to specify an other rule on the Location
level over the '/' location itself.
Not easy to understand, but this is the explanation i found.
And my try work well now.
Hope this help,

z.