Apache HTTP Server: Alias Usage and Permission Issues Solving

By using Alias, administrator can configure those resources not under DocumentRoot directory and make them accessible by HTTP server. This article to tell how to configure Alias and how to solve often occurred permission issues.

Photo by Markus Spiske on Unsplash

Configuration for Alias

By default, Apache HTTP Server configuration file is /etc/httpd/conf/httpd.conf and Alias is controlled by alias_module . To access those directories or files located in other places rather than under DocumentRoot , we need to use Alias . For example, if DocumentRoot is /var/www/html but we want to access the directory /var/log by URL /log/ and list files and sub-directories under /var/log. Then, we need to have below configuration change:

  • Add below line inside <IfModule alias_module>
Alias /log/ /var/log/
  • Add <Directory> section to allow access to filesystem path /var/log
<Directory "/var/log/">
Options +Indexes
Require all granted
</Directory>

Note: 📓

  • Options +Indexes is to allow Apache HTTP Server generate indexes for the directory. If this is not configured, then you will get the error message like below one in /var/log/httpd/error_log :
AH01276: Cannot serve directory /var/log/: No matching DirectoryIndex (index.html) found, and server-generated directory index forbidden by Options directive
  • Require all granted is to allow access from anywhere. You can also replace all to specific client host address. However, if you missed this configuration item, you will get the error message like below one in /var/log/httpd/error_log :
AH01630: client denied by server configuration: /var/log/

Both above errors will result in 403 status code when you try access /log :

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body> <h1>Forbidden</h1> <p>You don't have permission to access this resource.</p> </body></html>

More tricky Permission Issue

In most cases, you will still get the 403 error above, even you have correctly configured the items aforementioned. However, when you check error_log , the error is different: (if you used any other new created directory, e.g. /example/)

AH01275: Can't open directory for index: /example/

This is due to security context issue and must be solved by the command chcon :

sudo chcon -R --reference=/var/www/html /example

A security context, or security label, is the mechanism used by SELinux to classify resources, such as processes and files, on a SELinux-enabled system. This context allows SELinux to enforce rules for how and by whom a given resource should be accessed. A security context is typically shown as a string consisting of three or four words. Each word specifies a different component of the security context, namely the user, role, type, and level of that file or process. Each word is separated by a colon. Check the Fedora wiki page for more details.

That’s all about Alias usage, techniques to configure it and solution for tricky permission issue. The problem is that it’s not easy to find workable solution by reading Apache HTTP Server Documentation. Thus, hope this article can help you when you fall in trouble like me before writing this article.

Thanks for reading and happy coding!

Now, it’s time to be relax! 😀

wenijinew@fedora:/ 12:34 > curl -Is http://192.168.1.4/logs/
HTTP/1.1 200 OK
Date: Wed, 06 Oct 2021 10:34:46 GMT
Server: Apache/2.4.43 (Fedora)
Content-Type: text/html;charset=ISO-8859-1

References:

--

--

--

A coder, and an artist.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Cloud Comes in Many Forms, Sizes, and Shapes

Kubernetes 09 / Pod-Affinity &Anti-Affinity

Step-By-Step: Manage Your Website Translations Like a Pro Using FlyCode

Why we dropped event sourcing with Kafka Streams when given a second chance

How to avoid making a mess of timestamps and time zones—Part 1

21. Let’s Be Friends. The Year of Paying Attention

Let’s make a difference to be a good programmer

How we used testing in our Unity3D game

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Bruce Wen

Bruce Wen

A coder, and an artist.

More from Medium

Embedding static files in Go binaries

Snake JARs, Part II: Fangs in the grass

Building GraalVM Native Image of a Polyglot Java+numpy application

Building your Applications in OpenShift from a GitHub Private Repository