[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Apache <Files>...</Files> problem

To: suse-security@xxxxxxxx
Subject: Re: [suse-security] Apache <Files>...</Files> problem
From: suse@xxxxxxxxxxxx
Date: Mon, 2 Jan 2006 13:34:00 +0000 (GMT)
Delivered-to: mailing list suse-security@xxxxxxxx
In-reply-to: <43B8E8ED.2060803@xxxxxxx>
List-help: <mailto:suse-security-help@suse.com>
List-post: <mailto:suse-security@suse.com>
List-subscribe: <mailto:suse-security-subscribe@suse.com>
List-unsubscribe: <mailto:suse-security-unsubscribe-suse=archive.cert.uni-stuttgart.de@suse.com>
Mailing-list: contact suse-security-help@xxxxxxxx; run by ezmlm
References: <Pine.LNX.4.61.0601012011450.6119@xxxxxxxxxxxx> <200601012325.52052.joe.knall@xxxxxxx> <Pine.LNX.4.61.0601012235020.6791@xxxxxxxxxxxx> <200601020007.49867.joe.knall@xxxxxxx> <Pine.LNX.4.61.0601020514200.7762@xxxxxxxxxxxx> <43B8E8ED.2060803@xxxxxxx>

In normal use yes.

But I set up the directories to disallow access from 
localhost and 10.0.0.3 , my laptop on LAN, to test whether 
the files were still accessible, even though the server 
config should have denied access - for testing purposes.

I then tested for allowing access from localhost, but not 
from 10.0.0.3. This worked as expected too.

I think I have isolated the problem as this:

# THIS IS CAUSING THE PROBLEM WITH <Files>...</Files>
#
# remove the CONNECT bug # 
http://bugs.php.net/bug.php?id=19113
#
#<Location />
#  <Limit CONNECT>
#  Order deny,allow
#  Deny from all
#  </Limit>
#</Location>

When I un-comment the above, the error appears. If I 
comment out the above, the error goes away. 

If anyone else on the list is using this patch, maybe they 
need to check out their configuration too.

This has been bugging me for ages.

It's nice to be able to configure apache directories now, 
and know what behaviour to expect.

Many thanks to Joe Knall for all his suggestions, and help 
by sending me a copy of his httpd.conf file in the early 
hours!

If anyone else wants a copy of my cut-down httpd.conf file, 
then I will be pleased to email it to you off-list. It's 
based on Joe's version, but obviously tailored for my 
set-up. 

Happy new year to everyone.

Keith Roberts

On Mon, 2 Jan 2006, Luis Guilherme wrote:

> To: suse@xxxxxxxxxxxx
> From: Luis Guilherme <luis.guilherme@xxxxxxx>
> Subject: Re: [suse-security] Apache <Files>...</Files> problem
> 
> Hi, i think you are denying the access to php files, you should replace
> the second Deny All with Allow all, you want to allow .PHP from client
> connections, right?
> 
> suse@xxxxxxxxxxxx wrote:
> > Well - it works!
> > 
> > Thanks very much for all your help Joe.
> > 
> > I still don't yet know what the problem was though.
> > 
> > I need to fine-tune my config.
> > 
> > As I add more to my working httpd.conf file, hopefully I will find
> > out what was causing the original problem.
> > 
> > When I discover the error, I will post it on the mailing list.
> > 
> > Thanks again
> > 
> > Keith

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here

References:
- [suse-security] Apache <Files>...</Files> problem
  - From: suse
- Re: [suse-security] Apache <Files>...</Files> problem
  - From: Joe Knall
- Re: [suse-security] Apache <Files>...</Files> problem
  - From: suse
- Re: [suse-security] Apache <Files>...</Files> problem
  - From: suse

Prev by Date: Re: [suse-security] SSH Failure: No route to host
Next by Date: [suse-security] iptables: DNAT from port x to port y
Previous by thread: Re: [suse-security] Apache <Files>...</Files> problem
Next by thread: [suse-security] SSH Failure: No route to host
Index(es):
- Date
- Thread