1

as per my understanding in Apache Directory directives refer to file system objects , Location refer to element in the request URI. So if the URI matches the objects in file system, why to use Directory and Location interchangeably ? 

ScriptAlias /otrs/ "/opt/otrs/bin/cgi-bin/"
Alias /otrs-web/ "/opt/otrs/var/httpd/htdocs/"

<IfModule mod_perl.c>

    # Setup environment and preload modules
    Perlrequire /opt/otrs/scripts/apache2-perl-startup.pl

    # Reload Perl modules when changed on disk
    PerlModule Apache2::Reload
    PerlInitHandler Apache2::Reload

    # general mod_perl2 options
    <Location /otrs>
#        ErrorDocument 403 /otrs/customer.pl
        ErrorDocument 403 /otrs/index.pl
        SetHandler  perl-script
        PerlResponseHandler ModPerl::Registry
        Options +ExecCGI
        PerlOptions +ParseHeaders
        PerlOptions +SetupEnv

        <IfModule mod_version.c>
            <IfVersion < 2.4>
                Order allow,deny
                Allow from all
            </IfVersion>
            <IfVersion >= 2.4>
                Require all granted
            </IfVersion>
        </IfModule>
        <IfModule !mod_version.c>
            Order allow,deny
            Allow from all
        </IfModule>
    </Location>

    # mod_perl2 options for GenericInterface
    <Location /otrs/nph-genericinterface.pl>
        PerlOptions -ParseHeaders
    </Location>

</IfModule>

<Directory "/opt/otrs/bin/cgi-bin/">
<Directory "/opt/otrs/bin/cgi-bin/">
    AllowOverride None
    Options +ExecCGI -Includes

    <IfModule mod_version.c>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
    </IfModule>
    <IfModule !mod_version.c>
        Order allow,deny
        Allow from all
    </IfModule>

    <IfModule mod_filter.c>
        <IfModule mod_deflate.c>
            AddOutputFilterByType DEFLATE text/html text/javascript application/javascript text/css text/xml application/json text/json
         </IfModule>
    </IfModule>

</Directory>

EDIT:

Thank you. Here’s how I understand but please feel free to correct me. I’m here to learn from my mistakes  ScriptAlias /otrs/ "/opt/otrs/bin/cgi-bin/" designates the target directory for CGI programs.

In /opt/otrs/bin/cgi-bin/ I have the following content:

drwxrwsr-x 4 otrs apache  205 Nov 13 16:39 ..
drwxrwsr-x 2 otrs apache  139 Oct 22 09:27 .
-rwxrwx--- 1 otrs apache 3.4K Sep 28 01:40 app.psgi
-rwxrwx--- 1 otrs apache 1.2K Sep 28 01:40 customer.pl
-rwxrwx--- 1 otrs apache 1.2K Sep 28 01:40 index.pl
-rwxrwx--- 1 otrs apache 1.2K Sep 28 01:40 installer.pl
-rwxrwx--- 1 otrs apache 1.2K Sep 28 01:40 nph-genericinterface.pl
-rwxrwx--- 1 otrs apache 1.2K Sep 28 01:40 public.pl
-rwxrwx--- 1 otrs apache 7.2K Sep 28 01:40 rpc.pl

So as per my understanding if I call https://ipv4/otrs/index.pl it will trigger that particular script located under /opt/otrs/bin/cgi-bin/

So with the section all the scripts under "/opt/otrs/bin/cgi-bin/" will have the options between <Location /otrs> </Location> applied. If I access https://ipv4/otrs/nph-genericinterface.pl the options from the section <Location /otrs> </Location> will be merged along with the options set within <Location /otrs/nph-genericinterface.pl> </Location>

But then I have the same content defined under <Directory "/opt/otrs/bin/cgi-bin/">

What is the reason for this ? Aren't both directives referring to exactly the same thing ?

Improve this question

1 Answer 1

Reset to default
2

The Directory and Files specifications apply specifically to the file system. Typically, access to only a few directory trees is permitted. Access to certain files such as .htaccess is usually forbidden, For some sites, the Directory and File specifications are sufficient, and no Location specifications are required. These specifications are generally used to control which directories can be accessed.

Location specifications apply to the webspace (which may contain content which does not exist in the file system). This is more in line with the design of a website, and don't require consideration of the directory path. These options typically specify how content on specific paths is handled.

There are precedence rules and ordering rules the control which specifications will apply. Ordering of the two Location blocks is important.

Setting things like the perl-script handler can be done in many locations. To some extent choosing where to set it requires understanding how much of the site you want delivered as perl CGI content. Restricted access is generally more secure. As Location directives override (where permitted) Directory directives, they provide the least access. If the directory, was accessible by a diferrent URL path, the Location directives would not apply.

Original response: It is unusual for Location and Directory to point to the same location. Normally, the site root is /var/www or some similar directory. In your case it appears you are using various directories within /opt.

For otrs, the Directory specification is /opt/otrs/bin/cgi-bin and the Location would be /otrs. For 'ortr-web', the Directory specification is /opt/otrs/var/httpd/htdocs and the Location would be /otrs-web.

If you scan the Apache configuration you should notice that access to directory '/' is denied, and access to the site root is permitted. Normally access to the file system is controlled with Directory specifications, and access to URL paths is controlled with Location specifications. Baring the use of alias specifications Location specifications are relative to the directory specified in the Docroot. Location can specify virtual locations which don't exist on disk such as /server-status and /server-info.

Improve this answer
1
  • please see the edit of my question
    – blabla_trace
    Commented Nov 14, 2018 at 14:02

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .