Associate Alias with a VirtualHost

How do you associate an Alias with a specific VirtualHost?

Under sites-enabled/000-default, I have:


....



....


Then under a file in conf.d, I have an alias

Alias /blah /foor/bar
....

I want this alias to take affect only under the SSL virtual host, and to be
unavailable on port 80.

I tried wrapping the Alias and associated configs under a VirtualHost tag but
that creates overlapping VirtualHosts and breaks SSL completely. I also tried
going to a NameVirtualHost like so:

NameVirtualHost 1.2.3.4:443

ServerName www.mydomain.com
....

and wrapping the alias in a VirtualHost tag. This gets rid of the complaint
about overlapping VirtualHosts but also breaks SSL completely.

I could, of course, move the Alias and associated configs under the
section of 000-default, but that rather defeats the purpose of
having split config files.

I've pored over the Apache docs, dug through the wiki and tried a plethora of
different Google searches and haven't been able to find the answer to what I
would think would be a simple and fairly common scenario. Maybe my search-fu
is weak.

Any assistance or pointers to relevant pages or docs would be greatly
appreciated.


--
"Marijuana makes you sensitive. Courtesy has a great deal to do with being
sensitive. Unfortunately marijuana makes you the kind of sensitive where you
insist on everyone listening to the drum solo in Iron Butterfly's 'In-a-Gadda-
Da-Vida' fifty or sixty times." - P.J. O'Rourke

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Associate Alias with a VirtualHost

On Sun, Jan 3, 2010 at 1:24 PM, Daniel D Jones wrote:

> I want this alias to take affect only under the SSL virtual host

> I could, of course, move the Alias and associated configs under the
> section of 000-default, but that rather defeats the purpose of
> having split config files.

If you don't want to put the alias in the proper context (your own SSL
VirtualHost), you can configure it globally and redirect to SSL in a
container:
http://wiki.apache.org/httpd/RedirectSSL

Split config files allow the packager to maintain a subset of your
config files, and allow other packages to drop config files into place
without editing existing files, but there's little cause for adding
directives out of context to keep them tidy in some filesystem layout
that Apache doesn't care about.

--
Eric Covener
covener@gmail.com

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Associate Alias with a VirtualHost

On Sunday 03 January 2010 13:48:09 Eric Covener wrote:
> On Sun, Jan 3, 2010 at 1:24 PM, Daniel D Jones
wrote:
> > I want this alias to take affect only under the SSL virtual host
> >
> > I could, of course, move the Alias and associated configs under the
> > section of 000-default, but that rather defeats the purpose
> > of having split config files.

Thanks for the assist.

> If you don't want to put the alias in the proper context (your own SSL
> VirtualHost), you can configure it globally and redirect to SSL in a
> container:
> http://wiki.apache.org/httpd/RedirectSSL

Given:

Alias /blah /usr/share/blah

I was able to redirect by putting

Redirect permanent /blah https://www.mydomain.com/blah

in the global section of 000-default. (That is, it's under
but not under a container.) My first attempt was:

Redirect permanent /usr/share/blah https://www.mydomain.com/blah

Specifying the full path did not work. This seems a bit inconsistent, since
redirects under the DocumentRoot specify the full path, including the path to
the DocumentRoot.

This is acceptable but I'd prefer to just block access from http rather than
redirect. Neither of the following two approaches, placed under the default
, worked:


AllowOverride None
Order deny,allow
Deny from all



AllowOverride None
Order deny,allow
Deny from all


But the following:


AllowOverride None
Order deny,allow
Deny from all


where /var/www is the document root, does get denied from http.

> Split config files allow the packager to maintain a subset of your
> config files, and allow other packages to drop config files into place
> without editing existing files, but there's little cause for adding
> directives out of context to keep them tidy in some filesystem layout
> that Apache doesn't care about.

The conf.d file was installed by a package, and I'd prefer not to remove it if
possible so that future updates to the package won't be confused. I also think
split config files are easier to edit and maintain by hand but that's just a
matter of personal preference.

Out of curiosity, what are the advantages/disadvantages of using an alias to
redirect and simply creating a file link to the appropriate directory under
DocumentRoot? If I simply created a link /var/www/blah pointing to
/usr/share/blah, then I could use a container to block access, as
is done with the /var/www/ssl directory above. I suspect that there are
security implications but it isn't clear to me what they are.

Thanks again for your time and effort.

--
"The most glorious moments in your life are not the so-called days of success,
but rather those days when out of dejection and despair you feel rise in you a
challenge to life, and the promise of future accomplishments." - Gustave
Flaubert

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Associate Alias with a VirtualHost

> Redirect permanent /usr/share/blah https://www.mydomain.com/blah
>
> Specifying the full path did not work. =A0This seems a bit inconsistent, =
since
> redirects under the DocumentRoot specify the full path, including the pat=
h to
> the DocumentRoot.

AFAIK, it's always got to be a URL-path and not a filesystem path.

>
> This is acceptable but I'd prefer to just block access from http rather t=
han
> redirect. =A0Neither of the following two approaches, placed under the de=
fault
> , worked:
>
> =A0 =A0 =A0
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0AllowOverride None
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0Order deny,allow
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0Deny from all
> =A0 =A0 =A0 =A0

This would be for a literal directory of "/blah" in your filesystem.

>
> =A0 =A0 =A0
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0AllowOverride None
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0Order deny,allow
> =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0Deny from all
> =A0 =A0 =A0 =A0
>

Ought to work if you're really serving a static file mapped to that diretor=
y.

> Out of curiosity, what are the advantages/disadvantages of using an alias=
to
> redirect and simply creating a file link to the appropriate directory und=
er
> DocumentRoot? If I simply created a link /var/www/blah pointing to
> /usr/share/blah, then I could use a container to block access=
, as
> is done with the /var/www/ssl directory above. =A0I suspect that there ar=
e
> security implications but it isn't clear to me what they are.

Using Alias and a corresponding container (2nd arg of
Alias matches Directory container) is pretty normal. Something else
is confusing your tests.

--=20
Eric Covener
covener@gmail.com

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org