[pve-devel] apache directory access
Dietmar Maurer
dietmar at proxmox.com
Mon Apr 30 11:09:56 CEST 2012
Fixed in pve-manager_2.1-2_all.deb (pvetest repository)
Many thanks for reporting that issue,
- Dietmar
> -----Original Message-----
> From: pve-devel-bounces at pve.proxmox.com [mailto:pve-devel-
> bounces at pve.proxmox.com] On Behalf Of Lars Wilke
> Sent: Montag, 30. April 2012 00:06
> To: pve-devel at pve.proxmox.com
> Subject: [pve-devel] apache directory access
>
> Hi,
>
> Debian ships with /etc/apache/conf.d/security in which this snippet is
> defined but commented out:
>
> <Directory />
> AllowOverride None
> Order Deny,Allow
> Deny from all
> </Directory>
>
> decommenting/enabling this part breaks the webgui.
>
> The reason for this is that
>
> /etc/apache2/sites-available/pve.conf defines the following in the
> VirtualHost stanza:
>
> Alias /pve2/ext4 /usr/share/pve-manager/ext4/
>
> but DocumentRoot is set to /usr/share/pve-manager/root
>
> and "Allow all" is only defined for the DocumentRoot.
>
> Therefor the access rights for / are inherited.
>
> A possible fix would be to define a directory object for /usr/share/pve-
> manager and allow acces there, analoguos to DocumentRoot or define these
> objects for the aliased directories only.
>
> Could that be done, b/c enabling "deny all" for / is AFAIK best practice.
>
> cheers
> --lars
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
More information about the pve-devel
mailing list