Mailinglist Archive: opensuse-packaging (129 mails)

< Previous Next >
Re: [opensuse-packaging] Packaging web-apps for Apache 2.2/2.4 containing require/deny sections
  • From: Eric Schirra <ecsos@xxxxxxxxxxxx>
  • Date: Sat, 25 Apr 2015 10:47:25 +0200
  • Message-id: <3318425.cvbejoWXU4@client1>
Am Freitag, 24. April 2015, 10:44:02 schrieb Johannes Weberhofer:
Dear all!

Recently many Webapp packages contain complicated constructions to
allow/deny access to directories; those constructions can IMHO be
simplified.

1) Allow access. To ensured that access on Apache 2.4 is allowed it must be
ensured that the compatibility module (if installed) allows access _and_
the new module, too. Both could inherit DENY from other paths:

<IfVersion >= 2.4>
<IfModule mod_access_compat.c>
Order allow,deny
Allow from all
</IfModule>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>


2) Disallow access. For Apache 2.4 it's enough to disallow access with one
strategy. So the structure can be more simple:

<IfVersion >= 2.4>
Require all denied
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Deny from all
</IfVersion>



Is this logic correct? Does anyone see a problem with that? Shall that be
documented in the wiki?

Point 1 seems from new bugzilla source.
Diskussion about that at: https://bugzilla.mozilla.org/show_bug.cgi?id=1121477

I normaly use:

<IfModule mod_authz_core.c>
# Apache 2.4
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order allow,deny
Allow from all
</IfModule>

and the complement for deny.

Regards
Eric

--
To unsubscribe, e-mail: opensuse-packaging+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-packaging+owner@xxxxxxxxxxxx

< Previous Next >
References