Home / server / Questions / 420493
Accepted
wodow
Asked: 2012-08-24 08:01:16 +0800 CST

How to avoid repeating Allow/Deny access control statements across multiple Directory directives in Apache2 VirtualHosts?

  • 772

On Apache2, I have a VirtualHost with a number of <Directory> directives/sections containing multiple access control statements

i.e.

<Directory /foo>
    Order Deny,Allow
    Deny from all
    Allow from ...
    Allow from ...
    ...
</Directory>
...

Is there a way to specify the access control at a higher level (above <Directory>)? Or should I be using macros?

Thanks in advance!

apache-2.2

1 Answers

  1. Best Answer

    If I understand your question, you're looking for a way to apply a set of allow/deny restrictions to a set of directories that may not share a common parent.

    You can place all your allow/deny directives into a separate file (call it, say, /etc/httpd/conf.d/accesslist, or whatever makes sense in your distribution), and then using the Include directory to include those rules where appropriate:

    <Directory /some/directory>
  Include /etc/httpd/conf.d/accesslist
</Directory>

<Directory /another/directory>
  Include /etc/httpd/conf.d/accesslist
</Directory>

    But if your directories all share a common configuration, you can use something like mod_macro to create a reusable template with variable substitution.

    • 2