Why some directives in Apache vhost don't work with Ghost? - apache

CONTEXT. I work on a server running Centos 8.3 with Apache 2.4.37.
In Apache's vhosts.conf configuration file I have this vhost for one of my websites:
<VirtualHost *:80>
ServerAdmin se#site.com
DocumentRoot /var/www/html/site
ServerName site.com
ErrorLog /var/log/httpd/admin-site.com-error_log
CustomLog /var/log/httpd/admin-site.com-access_log common
<Directory "/var/www/html/site">
Options SymLinksIfOwnerMatch
AllowOverride None
Order Allow,Deny
Allow from all
</Directory>
<Files ~ "test\.txt">
Order Allow,Deny
Deny from all
</Files>
<FilesMatch "\.(txt|png)$">
Order Allow,Deny
Deny from all
</FilesMatch>
</VirtualHost>
I have these two different scenarios:
If in the DocumentRoot folder I put only static files (html, css, images, etc), the Files and FilesMatch directives work perfectly and the frontend looks excellent.
If I put a Ghost installation in the DocumentRoot folder, I necessarily have to add the following Proxy directives to the vhost. And when doing so, the frontend looks great too, but the Files and FilesMatch directives NOT work at all, i.e. the browser allows me to open site.com/test.txt and site.com /file.png, when they shouldn't open.
ProxyRequests off
ProxyPass / http://localhost:2368/
ProxyPassReverse / http://localhost:2368/
Any ideas how to get the Files and FilesMatch directives to work on my Ghost installation?
I already tried this:
For those thinking about .htaccess. If I activate AllowOverride so that the .htaccess is read: I already tried and the directives in the .htaccess don't work either.
For those thinking of Deny from all. I know Deny from all is for Apache 2.2, and for 2.4 Require all denied should be used. I have done tests and in my Apache 2.4 the Require does not work, it only works Deny from all.

Related

How to properly set the allow and deny for apache 2.4 conf and vhosts

I need some advice on how to properly setup the vhosts file directives preferably without changing the apache2.conf contents. This is for apache 2.4.
Currently, I get AH01797: client denied by server configuration probably caused by the Require all denied in the apache2.conf.
apache2.conf:
<Directory />
Order Deny,Allow
Deny from all
Options None
AllowOverride None
Require all denied
</Directory>
vhosts file:
<IfModule mod_ssl.c>
<VirtualHost *:80>
ServerName sub.example.com
ServerAlias sub.example.com
<Directory /var/www/sub.example.com>
AllowOverride None
Allow from all
Require all granted
</Directory>
</VirtualHost>
</IfModule>
Thank you!
UPDATE
Adding this to the apache2.conf works, it just doesn't work in vhosts file. Any idea why?
<Directory /var/www/sub.example.com>
AllowOverride None
Allow from all
Require all granted
</Directory>
In 2.4, you shouldn't use Order, Deny, or Allow at all. Purge them and replace with Require.
UPDATE Adding this to the apache2.conf works, it just doesn't work in vhosts file. Any idea why?
Maybe the vhosts file isn't included in your configuration, or mod_ssl is not loaded so the whole thing is commented out? The IfModule doesn't make much sense here.

Virtual host not displaying correct files

Centos 7.1 and apache 2.4 - We have installed a new drive in our server and want to move all of our sites to that drive (mounted as /data) and sites are located in /data/vhosts
When trying to access the site we are presented with the apache welcome screen. I can confirm that the vhost is loaded as trying changing the permissions of the dir above results in a forbidden access. There is also an index.php file located in /data/vhosts/test.mydomain.com/public_html
# IP has been changed for example:
<VirtualHost 91.91.91.91:80>
DocumentRoot "/data/vhosts/test.mydomain.com/public_html"
ServerName test.mydomain.com
<Directory /data/vhosts/test.mydomain.com>
Options All
AllowOverride All
order allow,deny
allow from all
</Directory>
</VirtualHost>
UPDATE 1:
I have deleted the welcome.conf file in /etc/httpd/conf.d/ and I am not given a forbidden 403. It is important to note that this is a new drive and no permissions has been set on /data (or sub folders) for apache. I am not entirely sure if that makes a difference?
I have also made some slight alternations to the vhost conf file but no difference:
NameVirtualHost *:80
<VirtualHost *:80>
DocumentRoot "/data/vhosts/test.mydomain.com/public_html"
ServerName test.mydomain.com
<Directory "/data/vhosts/test.mydomain.com">
AllowOverride None
# Allow open access:
Require all granted
</Directory>
<Directory /data/vhosts/test.mydomain.com/public_html>
Options Indexes FollowSymLinks Includes ExecCGI
DirectoryIndex index.php
AllowOverride All
Require all granted
</Directory>
</VirtualHost>

What could cause deny,allow directive to be ignored in .htaccess?

I cannot get allow and deny directives to work from an htaccess file within any directory in my web root. I am at a loss as to where I should look to configure this. I have checked the obvious (authz modules are loaded, allow overrides is set to all) Any ideas? Here are my configuration details.
I have an Apache 2.2 server running on RHEL. Within this server I have an IP based VirtualHost that is configured like where myipaddr and myserver are the actual IP address and host name respectively:
<VirtualHost myipaddr:80>
ServerName myserver
TransferLog /var/log/httpd/myserver.access
LogFormat loadbalanced
ErrorLog /var/log/httpd/myserver.error
DocumentRoot /var/www/myserver
<Directory /var/www/myserver>
Options -Indexes FollowSymLinks
AllowOverride All
</Directory>
</VirtualHost>
I have tried more complex directives but even a simple .htaccess file that should deny everything has no effect.
Order deny,allow
Deny from all
It turns out the was a configuration file in /etc/httpd/conf.d that I did not realize was getting loaded and it was trumping the denies and allows within specific directories.
<Location />
Order allow,deny
Allow from all
<LimitExcept GET POST PUT DELETE>
Deny from all
</LimitExcept>
</Location>

How can I serve multiple sites with apache based on the URL

I have two separate Django projects that I want to serve up from the same machine. I'm trying to set up my VirtualHost configurations in apache to serve them up. I know I can serve them up on separate ports, but I'd rather do it based on the request URL. So example.com/app1 would go to one app and example.com/app2 would go to the other. ServerName and ServerAlias won't work since they only look at the Host, which in both cases would just be example.com. Is there any way to do this?
The ServerPath directive looked promising but it looks like, since it was only meant as a fallback for older browsers, apache only looks at ServerPath if the browser doesn't supply the Host field in the request.
Update: Here is what the VirtualHost configuration for my first app looks right now.
<VirtualHost *:80>
ServerAlias *
WSGIScriptAlias /app1 /home/eyuelt/app1/app1/wsgi.py
Alias /app1/static /home/eyuelt/app1/staticfiles
<Directory /home/eyuelt/app1/app1>
<Files wsgi.py>
Order deny,allow
Require all granted
</Files>
</Directory>
<Directory /home/eyuelt/app1/staticfiles>
AllowOverride None
Order deny,allow
Require all granted
</Directory>
</VirtualHost>

Redirect to a subfolder in Apache virtual host file

I have Joomla installed on a webserver running Ubuntu Server 12.04. The Joomla folder is located at /var/www/cms/.
My vhost file at /etc/apache2/sites-enabled/default has the following content:
<VirtualHost *:80>
ServerName domain.com/
Redirect permanent / https://domain.com/
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster#localhost
ServerName domain.com:443
DocumentRoot /var/www/cms
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/cms>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
(...)
</VirtualHost>
At the moment, all the requests to domain.com and anything entered after that like domain.com/example gets directed and processed by Joomla which either redirects to a proper page or returns a custom 404 error. This all works.
Now, I would like to filter all the requests that go to domain.com/subfolder before they get processed by Joomla and redirect them to /var/www/subfolder (instead of my root folder at /var/www/cms/).
I believe the file in /etc/apache2/sites-enabled/default (seen above) is the right place to define such a redirect, however I have not been able to figure out at what position and how to achieve this.
You should add to your configuration:
Alias /subfolder /var/www/subfolder
<Directory /var/www/subfolder>
Order allow,deny
allow from all
</Directory>
and fit the configuration between "Directory" to your needs.
See the Apache documentation to have more informations.