FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 04-19-2012, 03:51 PM
Matthieu Moy
 
Default "Deny" directives silently ignored in config files

Hi,

I have a server running Apache HTTPD 2.2.16, installed as Debian
package (Debian Squeeze).

Some time ago, "Deny from XXX" directives were correctly taken into
account, both in .htaccess files and in system-wide configuration files
(/etc/apache2/*). I noticed recently that it is no longer the case. I
suspect that this breakage occured when migrating the server from Debian
Lenny to Debian Squeeze, but I'm not sure.

According to "apachectl -t -D DUMP_PACKAGES", the module
authz_user_module is loaded (it says "(shared)").

I tried the following:

<Location /tmp/>
Order deny,allow
Deny from all
#RewriteEngine On
#RewriteRule . - [F]
</Location>

As it is, the location /tmp/ isn't denied. If I uncomment the Rewrite
rule, it is denied (hence, the config file is read, and the location is
properly specified).

This is a production server so I have limited testing possibilities (but
I do have a test virtualhost on which the problem occurs). I tried
reproducing the problem on a test machine, with the same version and a
full copy of /etc/apache2/ (copied with "rsync -av", only modified to
replace the IP address and DNS name of the server), but the test machine
does not exhibit the problem. I did not copy the files in DocumentRoot.

I tried disabling .htaccess files on the server, in case the problem
would be caused by a .htaccess file, but the problem is still there.

I saw nothing in the logs. access.log shows normal accesses (i.e. code
200), and error.log does not change while accessing the pages to be
denied. "apachectl graceful" does not display any warning.

Any idea on what's going on? Where to look for the error?

Thank you very much in advance,

(please, keep me Cc-ed, I'm not subscribed)

--
Matthieu Moy
http://www-verimag.imag.fr/~moy/


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: vpqobqng1p6.fsf@bauges.imag.fr">http://lists.debian.org/vpqobqng1p6.fsf@bauges.imag.fr
 
Old 04-21-2012, 12:00 PM
Camaleón
 
Default "Deny" directives silently ignored in config files

On Thu, 19 Apr 2012 17:51:01 +0200, Matthieu Moy wrote:

> I have a server running Apache HTTPD 2.2.16, installed as Debian package
> (Debian Squeeze).
>
> Some time ago, "Deny from XXX" directives were correctly taken into
> account, both in .htaccess files and in system-wide configuration files
> (/etc/apache2/*). I noticed recently that it is no longer the case. I
> suspect that this breakage occured when migrating the server from Debian
> Lenny to Debian Squeeze, but I'm not sure.

(...)

I'd would run a couple of basic tests:

- First, as you're on a production server, don't touch the configuration
that is currently working and prevent users accessing the "/tmp"
location, just create an additional <Location> block that points to a
"test" folder with no relevant data on it and check if you get the same
behaviour with this.

- If the problem persists, instead using <Location> try with <Directory>
and see if there's any difference.

> (please, keep me Cc-ed, I'm not subscribed)

Sorry, I can't, hope you can read the mailing list archives :-(

Greetings,

--
Camaleón


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: jmu7hb$g9$11@dough.gmane.org">http://lists.debian.org/jmu7hb$g9$11@dough.gmane.org
 
Old 04-23-2012, 03:01 PM
Matthieu Moy
 
Default "Deny" directives silently ignored in config files

> On Thu, 19 Apr 2012 17:51:01 +0200, Matthieu Moy wrote:
>
> > I have a server running Apache HTTPD 2.2.16, installed as Debian package
> > (Debian Squeeze).
> >
> > Some time ago, "Deny from XXX" directives were correctly taken into
> > account, both in .htaccess files and in system-wide configuration files
> > (/etc/apache2/*). I noticed recently that it is no longer the case. I
> > suspect that this breakage occured when migrating the server from Debian
> > Lenny to Debian Squeeze, but I'm not sure.
>
> (...)
>
> I'd would run a couple of basic tests:
>
> - First, as you're on a production server, don't touch the configuration
> that is currently working and prevent users accessing the "/tmp"
> location, just create an additional <Location> block that points to a
> "test" folder with no relevant data on it and check if you get the same
> behaviour with this.

Yes, this is what I had already done.

> - If the problem persists, instead using <Location> try with <Directory>
> and see if there's any difference.

I tested that too, and it doesn't change the issue.

> > (please, keep me Cc-ed, I'm not subscribed)
>
> Sorry, I can't, hope you can read the mailing list archives :-(

Less convenient, but yes, I did check the archives ;-).

Thanks,

--
Matthieu Moy
http://www-verimag.imag.fr/~moy/


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: vpqmx62mr0s.fsf@bauges.imag.fr">http://lists.debian.org/vpqmx62mr0s.fsf@bauges.imag.fr
 
Old 04-23-2012, 04:21 PM
Camaleón
 
Default "Deny" directives silently ignored in config files

On Mon, 23 Apr 2012 17:01:07 +0200, Matthieu Moy wrote:

>> On Thu, 19 Apr 2012 17:51:01 +0200, Matthieu Moy wrote:
>>
>> > I have a server running Apache HTTPD 2.2.16, installed as Debian
>> > package (Debian Squeeze).
>> >
>> > Some time ago, "Deny from XXX" directives were correctly taken into
>> > account, both in .htaccess files and in system-wide configuration
>> > files (/etc/apache2/*). I noticed recently that it is no longer the
>> > case. I suspect that this breakage occured when migrating the server
>> > from Debian Lenny to Debian Squeeze, but I'm not sure.
>>
>> (...)
>>
>> I'd would run a couple of basic tests:
>>
>> - First, as you're on a production server, don't touch the
>> configuration that is currently working and prevent users accessing the
>> "/tmp" location, just create an additional <Location> block that points
>> to a "test" folder with no relevant data on it and check if you get the
>> same behaviour with this.
>
> Yes, this is what I had already done.
>
>> - If the problem persists, instead using <Location> try with
>> <Directory> and see if there's any difference.
>
> I tested that too, and it doesn't change the issue.

(...)

Wow. Let's see if someone can give you any other hint to solve this.

Have you considered in purging the apache package(s) and reinstalling it
again? (with a good set of backup copies for the sites you host, of
course...).

To be sincere, it's not a solution I'd like to go with (and that's why I
always install a new OS from scratch instead doing "in site" upgrades, to
minimize these kind of problems) but considering the same configuration
files are working on a fresh installed system, it seems to indicate the
problem can be of a different nature (package-mix?) :-?

>> > (please, keep me Cc-ed, I'm not subscribed)
>>
>> Sorry, I can't, hope you can read the mailing list archives :-(
>
> Less convenient, but yes, I did check the archives ;-).

Good!

And sorry, but I'm using Pan (newsreader) with Gmane (a "mail to news"
gateway) and I've not found an easy way to send a copy of a message other
than the newsgroup itself.

Greetings,

--
Camaleón


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: jn3vim$68l$6@dough.gmane.org">http://lists.debian.org/jn3vim$68l$6@dough.gmane.org
 

Thread Tools




All times are GMT. The time now is 05:00 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org