[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [users@httpd] Trouble-shooting Apache 2.2 Alias

Hey Gillis, what do you mean by "not included"? Maybe I missed something.

We have two of these repositories, "updates" and "optional". Their configs are at the end of the httpd.conf file and they just have the "Alias" and "Directory" settings. They are also on a separate filesystem from the server root and the DocumentRoot. Should we add something else?



On 10/29/18 4:14 AM, Gillis J. de Nijs wrote:
The only other thing I can think of right now is that either the <Directory /opt/repository/rhel_patch_updates> config is somehow not included (but in that case the Alias probably wouldn't work either), or it is before the <Directory /> block, which then overrides the former. All of this is assuming that you only have two <Directory> blocks in your config.  Anyway, order matters.

On Mon, Oct 29, 2018 at 1:39 AM Leam Hall <leamhall@xxxxxxxxx <mailto:leamhall@xxxxxxxxx>> wrote:

    Hey Jonathon, SELinux is on permissive. Checked that early on.  :)

    The biggest clue for me seems to be that if we open up the "<Directory
    />" to Allow by default things work. Otherwise they don't.


    On 10/28/18 9:26 AM, Jonathon Koyle wrote:
     > It may be getting denied by SELinux, I suspect the label on your
     > directory die not allow httpd access.  You will likely need to
    look into
     > semanage, something like this may do what you need, but I'm not an
     > expert at SELinux myself... redhat provides some explanation here:

     > # semanage fcontext -a -t httpd_sys_content_t
     > # restorecon -R -v /opt/repository/rhel_updates
     > On Sat, Oct 27, 2018, 06:08 Leam Hall <leamhall@xxxxxxxxx
     > <mailto:leamhall@xxxxxxxxx <mailto:leamhall@xxxxxxxxx>>> wrote:
     >     On 10/27/18 7:49 AM, Eric Covener wrote:
     >      > On Sat, Oct 27, 2018 at 7:29 AM Leam Hall
    <leamhall@xxxxxxxxx <mailto:leamhall@xxxxxxxxx>
     >     <mailto:leamhall@xxxxxxxxx <mailto:leamhall@xxxxxxxxx>>> wrote:
     >      >>
     >      >> The only fix seems to be making the "<Directory />" more open
     >     than we
     >      >> want. It seems like Apache can't handle a more open
     >     sub-directory than
     >      >> whatever is allowed for the root directory.
     >      >
     >      > Apache can handle that just fine.  Show the smallest verbatim
     >      > configuration that demonstrates something unexpected along
    w/ the
     >      > logs.
     >     Hey Eric, I appreciate the help! Here's what I have, though it is
     >     transcribed.
     >     Set locally required limited OS access.
     >              <Directory />
     >                Options None
     >                Order deny,allow
     >                Deny from all
     >              </Directory>
     >     We use Apache as a yum repo, and store the rpms outside of the
     >     DocumentRoot.
     >              Alias "/rhel/updates"
     >              <Directory "/opt/repository/rhel_patch_updates">
     >                Options All
     >                Order allow,deny
     >                Allow from all
     >              </Directory>
     >     When we hit 'http://myserver/rhel/updates' the error_log says
    it is
     >     denied by server configuration. I've set the LogLevel to
    "debug" and
     >     that's all I get. The log is at work, sorry. I'm the one who
    did the
     >     server configuration so my bet is "operator error", just not sure
     >     how to
     >     fix it.
     >     Appreciate any help you can provide. Thanks!
     >     Leam

To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx