git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [users@httpd] Trouble-shooting Apache 2.2 Alias


The only other thing I can think of right now is that either the <Directory /opt/repository/rhel_patch_updates> config is somehow not included (but in that case the Alias probably wouldn't work either), or it is before the <Directory /> block, which then overrides the former.  All of this is assuming that you only have two <Directory> blocks in your config.  Anyway, order matters.

On Mon, Oct 29, 2018 at 1:39 AM Leam Hall <leamhall@xxxxxxxxx> wrote:
Hey Jonathon, SELinux is on permissive. Checked that early on.  :)

The biggest clue for me seems to be that if we open up the "<Directory
/>" to Allow by default things work. Otherwise they don't.

Leam

On 10/28/18 9:26 AM, Jonathon Koyle wrote:
> It may be getting denied by SELinux, I suspect the label on your aliased
> directory die not allow httpd access.  You will likely need to look into
> semanage, something like this may do what you need, but I'm not an
> expert at SELinux myself... redhat provides some explanation here:
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/sect-security-enhanced_linux-troubleshooting-top_three_causes_of_problems#sect-Security-Enhanced_Linux-Top_Three_Causes_of_Problems-Labeling_Problems
>
>
> # semanage fcontext -a -t httpd_sys_content_t '/opt/repository/rhel_updates(.*)?'
> # restorecon -R -v /opt/repository/rhel_updates
>
>
> On Sat, Oct 27, 2018, 06:08 Leam Hall <leamhall@xxxxxxxxx
> <mailto:leamhall@xxxxxxxxx>> wrote:
>
>     On 10/27/18 7:49 AM, Eric Covener wrote:
>      > On Sat, Oct 27, 2018 at 7:29 AM Leam Hall <leamhall@xxxxxxxxx
>     <mailto:leamhall@xxxxxxxxx>> wrote:
>      >>
>      >> The only fix seems to be making the "<Directory />" more open
>     than we
>      >> want. It seems like Apache can't handle a more open
>     sub-directory than
>      >> whatever is allowed for the root directory.
>      >
>      > Apache can handle that just fine.  Show the smallest verbatim
>      > configuration that demonstrates something unexpected along w/ the
>      > logs.
>
>
>     Hey Eric, I appreciate the help! Here's what I have, though it is
>     transcribed.
>
>     Set locally required limited OS access.
>
>              <Directory />
>                Options None
>                Order deny,allow
>                Deny from all
>              </Directory>
>
>     We use Apache as a yum repo, and store the rpms outside of the
>     DocumentRoot.
>
>              Alias "/rhel/updates" "/opt/repository/rhel_patch_updates"
>              <Directory "/opt/repository/rhel_patch_updates">
>                Options All
>                Order allow,deny
>                Allow from all
>              </Directory>
>
>
>     When we hit 'http://myserver/rhel/updates' the error_log says it is
>     denied by server configuration. I've set the LogLevel to "debug" and
>     that's all I get. The log is at work, sorry. I'm the one who did the
>     server configuration so my bet is "operator error", just not sure
>     how to
>     fix it.
>
>     Appreciate any help you can provide. Thanks!
>
>     Leam
>
>
>
>     ---------------------------------------------------------------------
>     To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>     <mailto:users-unsubscribe@xxxxxxxxxxxxxxxx>
>     For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>     <mailto:users-help@xxxxxxxxxxxxxxxx>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx