Need help overriding a strict httpd.conf directory setting

Frodo asked:

Per requirements of a project I am working on, the apache httpd.conf must have the following restrictive setting as a security measure.

<Directory />
    Order Deny,Allow
    Deny from all
    Options None
    AllowOverride None
</Directory>

I’ve added this for my virtual host, which was also set out by my project requirements.

<Directory /var/www/html/>
    Options -Indexes -Includes -FollowSymLinks -MultiViews
    AuthType None
    Order allow,deny
    <LimitExcept GET POST OPTIONS>
        Deny from all
    </LimitExcept>
</Directory>

To be certain, this site is secure indeed, but I cannot even access my index.html! I’m am encountered with this error “You don’t have permission to access / on this server.”

When I remove the restrictive root directory settings, everything works perfectly fine. How do I go about fixing up my configuration, but sticking to the requirements? It seems to me like adding the directive for the document root in my virtual host did not work as expected or maybe I’m just not doing something else properly?

My answer:


You forgot to Allow from something in your virtual host’s Directory.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.