apache2: why <LimitExcept> parameter results “deny not allowed here” error in virtualhost tag?

Solution 1

As long as your <LimitExcept> block is within a context that's valid for the Allow/Deny directives, then it will work just fine.

If you try putting even a naked Deny rule directly in the <VirtualHost> context, you'll see that it's denied in the same way - <VirtualHost> with a Deny in it is not allowed, so neither is adding a <LimitExcept> between them.

But, the trick is that <LimitExcept>, and some other block types like <IfModule>, do not modify the context of a directive; you'll never see "limit" in the list of acceptable contexts in the documentation for a directive.

There are only four contexts that can dictate whether a directive is allowed:

  • server config
  • virtual host
  • directory (which includes <Location> and <Files> type directives, too)
  • .htaccess

In the case of the mod_authz_host directives (Order, Allow, and Deny), they're allowed only in directory and htaccess contexts, so they'll always error when they're not in one.

In your case, there's no filesystem location for this reverse-proxy vhost, so you'll want to use a <Location> block (which is a valid context for Allow/Deny because it's of the directory context type):

<Location />
    Order allow,deny
    Allow from all
    <LimitExcept HEAD POST GET>
        Deny from all
    </LimitExcept>
</Location>

Oh, and get rid of that <Proxy *> block, as it's not doing anything - the <Location> takes precedence over it anyway, but it's in conflict with the <LimitExcept>'s restrictions, so it makes me nervous.
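
The context rule described in this answer can be checked mechanically before a reload. The following Python sketch is an added example, not part of the original answer or of Apache itself: the function name `misplaced_authz`, the sample vhosts, and the list of section types treated as directory context (including the `*Match` and `<Proxy>` forms) are assumptions made for illustration.

```python
import re

# Assumption: section types that count as "directory" context. <VirtualHost>,
# <LimitExcept> and <IfModule> are absent on purpose: they never add context.
DIRECTORY_CONTEXT = {"directory", "directorymatch", "location", "locationmatch",
                     "files", "filesmatch", "proxy", "proxymatch"}
AUTHZ_HOST = {"order", "allow", "deny"}  # the mod_authz_host directives
OPEN = re.compile(r"<\s*([A-Za-z]+)\b[^>]*>$")
CLOSE = re.compile(r"<\s*/\s*([A-Za-z]+)\s*>$")

def misplaced_authz(config_text):
    """List (line_no, directive, enclosing_sections) for misplaced Order/Allow/Deny."""
    stack, findings = [], []
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        closing, opening = CLOSE.match(line), OPEN.match(line)
        if closing:
            if stack and stack[-1] == closing.group(1).lower():
                stack.pop()
        elif opening:
            stack.append(opening.group(1).lower())
        elif line.split()[0].lower() in AUTHZ_HOST and not DIRECTORY_CONTEXT & set(stack):
            findings.append((line_no, line.split()[0].lower(), tuple(stack)))
    return findings

# Constructed samples modelled on the question's vhost and on the fix above.
QUESTION_VHOST = """\
<VirtualHost *:80>
  <LimitExcept HEAD POST GET>
    Deny from all
  </LimitExcept>
  <Proxy *>
    Order deny,allow
  </Proxy>
</VirtualHost>
"""
FIXED_VHOST = """\
<VirtualHost *:80>
  <Location />
    Order allow,deny
    <LimitExcept HEAD POST GET>
      Deny from all
    </LimitExcept>
  </Location>
</VirtualHost>
"""
for name, text in (("question", QUESTION_VHOST), ("fixed", FIXED_VHOST)):
    print(name, misplaced_authz(text))
```

The check only covers the main configuration file; directives in an .htaccess file are already in a permitted context, and `apachectl configtest` remains the authoritative syntax check.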

Solution 2

The error message is saying that Deny is not allowed in a <LimitExcept> block.

From a different part of the docs: "The directives provided by mod_authz_host are used in <Directory>, <Files>, and <Location> sections as well as .htaccess files".

Author by

destan

Updated on September 18, 2022

Comments

  • destan
    destan over 1 year

    I have asked the same question on Stack Overflow, but then I thought it might be more relevant here.

    In Apache's httpd.conf, between the VirtualHost tags, I put a <LimitExcept> expression as follows:

    <VirtualHost *:80>
     ServerName geopreprod.xxx.com.tr
    
     <LimitExcept HEAD POST GET>
         Deny from all
     </LimitExcept> 
    
      ProxyRequests Off
      ProxyPreserveHost On
    
      <Proxy *>
        Order deny,allow
        Allow from all
      </Proxy>
    
      ProxyPass / http://XXXXXXXX...
      ProxyPassReverse / http://XXXXXXXX....
    </VirtualHost>
    

    and then the Apache web server fails to start, giving the following error:

    Syntax error on line 513 of XXXXX/httpd.conf:
    deny not allowed here
    

    Although it says in the official docs that <LimitExcept> can be used in a VirtualHost tag, why do I get this error?

    In the Apache docs it says:

    Context:    server config, virtual host, directory, .htaccess
    
  • destan
    destan over 12 years
    Would it behave like I expected if I put <Directory> in <VirtualHost> and then put <LimitExcept> in <Directory>?
  • Ladadadada
    Ladadadada over 12 years
    If you still had a Deny inside the <LimitExcept>, no. The problem is where you put the Deny.
  • destan
    destan over 12 years
    But when I do it like that, the server starts without error. Do you think the limit restriction won't work?
  • ravi yarlagadda
    ravi yarlagadda over 12 years
    @Ladadadada Actually it'll work when buried in a directory block (or a location block in this case, since there's no directory for a proxy config). See my answer.
  • Ladadadada
    Ladadadada over 12 years
    That makes perfect sense.