[pve-devel] apache directory access
Lars Wilke
lw at lwilke.de
Mon Apr 30 00:06:10 CEST 2012
Hi,
Debian ships with /etc/apache/conf.d/security
in which this snippet is defined but commented out:
<Directory />
AllowOverride None
Order Deny,Allow
Deny from all
</Directory>
decommenting/enabling this part breaks the webgui.
The reason for this is that
/etc/apache2/sites-available/pve.conf defines the following
in the VirtualHost stanza:
Alias /pve2/ext4 /usr/share/pve-manager/ext4/
but DocumentRoot is set to /usr/share/pve-manager/root
and "Allow all" is only defined for the DocumentRoot.
Therefor the access rights for / are inherited.
A possible fix would be to define a directory object for
/usr/share/pve-manager and allow acces there, analoguos
to DocumentRoot or define these objects for the aliased
directories only.
Could that be done, b/c enabling "deny all" for /
is AFAIK best practice.
cheers
--lars
More information about the pve-devel
mailing list