How to whitelist a directory in apache

Question

Files that I want to serve via browser are located at /root/my_folder (ubuntu 14.04). I changed a path from /var/www/html to /root/my_folder in /etc/apache2/sites-available/000-default.conf, after that I get forbidden error when I try to access it in browser.

Apache default welcoming page states that:

By default, Ubuntu does not allow access through the web browser to any file apart of those located in /var/www, public_html directories (when enabled) and /usr/share (for web applications). If your site is using a web document root located elsewhere (such as in /srv) you may need to whitelist your document root directory in /etc/apache2/apache2.conf.

How do I whitelist my root directory in /etc/apache2/apache2.conf, what syntax do I use?

Answer 1

You cannot and shouldn't serve from the /root directory. It is accessible only by the root user while Apache is running with user www-data. Take a look at the error log, and you'll see that Apache complains about permissions:

tail -f /var/log/apache2/error.log

If you are working with the root user on your system anyway, then you should upload files directly inside /var/www/html, since you already have permissions there.

Answer 2

The easiest workaround would probably be to bind mount that directory under /var/www/html like this:

mount -t none -o bind,ro /root/my_folder /var/www/html

then start Apache.

Note: On the Fedora Linux distribution and probably others using systemd, some services don't see the mounts done after they were started because of some security features enabled by default. For more details read systemd for Administrators, Part XII. Also if using SELinux, the files need to have a proper label like public_content_t for example.