Apache Virtual Host file ordering
Posted by Itchy-Mycologist939@reddit | linuxadmin | View on Reddit | 9 comments
I have a single virtual host. Does the order of items inside have any significant impact on how its processed. I know my rewrite rules need to go before ErrorDocument, but what about SSL, Logging, CORS, etc...?
My concern is if CORS, SSL and Logging should be placed higher up or if it doesn't matter. Apache doesn't really give much in terms of ordering. https://httpd.apache.org/docs/2.4/vhosts/examples.html
DocumentRoot /var/www/www.example.com
<Directory /var/www/www.example.com>
...
Require all granted
</Directory>
# SSL
SSLEngine On
....
# CORS
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "https://www.example.com"
....
</IfModule>
# Rewrite
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{ENV:REDIRECT_STATUS} =""
RewriteRule ^/e$ - [R=404,L]
</IfModule>
# Errors
ErrorDocument 403 /e/403.html
ErrorDocument 404 /e/404.html
# Log
LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
aioeu@reddit
For those specific things, no, the order does not matter.
Most directives are "ambient" — they take effect no matter where they are within a particular scope. Some directives do impose some ordering, but as far as I know that is only significant when considering the directives provided by a single module. Directives provided by different modules can be considered independently.
(Note that I said "within a particular scope" there. You obviously have to consider how
VirtualHost,Directory, etc. scopes are merged. The documentation has good information on that. In short: each module applies its own rules on how directives are merged.)Itchy-Mycologist939@reddit (OP)
For some reason if I switch the order of #Errors and #Rewrite blocks, it fails to work which is why I was curious if other sections would be affected by changing the ordering.
Also good point on the if blocks.
aioeu@reddit
I can't see why it would fail. How is
ErrorDocumentsupposed to know that there is rewrite rule that might, possibly, under some circumstances, be related to it?Itchy-Mycologist939@reddit (OP)
The RewriteRule prevents direct access to the ErrorDocument. So if I go to /e/403.html, it shows me the content from /e/404.html instead.
aioeu@reddit
That's not because Apache is misinterpreting your config, it's because the config just doesn't say what you want it to say. I updated my previous comment with more details.
Itchy-Mycologist939@reddit (OP)
Yeah I found the typo here
changed it to
and now it works no matter the order
aioeu@reddit
Why would it? It's a large language model. It doesn't actually know anything about what it says.
ImpossibleEdge4961@reddit
The AI has access to the entire Apache documentation. It's just that current AI systems don't really process entire document sources all at once. So it's ability to correlate some random directive with some other directive on some other page is impaired.
The issue here was that they just wanted to do a weird thing for some reason. From what I gather, if the user tries to access the 403 page directly they get a 404 error instead.
That doesn't seem to be something useful as opposed to just what they want to have happen. Since I'm not sure what that's supposed to accomplish a human would probably also make a mistake that fell into that "syntactically correct but non-functional" gap.
ImpossibleEdge4961@reddit
What is the "it" that is failing to work? Rewrite rules are sensitive to order but most Apache configuration is just declaring state and so order wouldn't represent any sort of meaningful information (to apache, anyways).