I am trying to configure an Apache Server version 2.4 to restrict external users from accessing some pages.
I have something looking like that but it is not very concluent since the page if forbidden for everybody:
<Directory /var/www/html/folder>
<Files *.php>
Require ip x.x.x.x/24
</Files>
</Directory>
I tried other syntaxes for subnets (x.x.x, x.x.x.0 ...) nothing seemed to work
What's the correct way to do this ? Thank you
Related
for some reason, when I attempt to ban an IP, it does nothing whatsoever. Other ways I have tried end up banning all access to my server, such as using the old "Allow, deny" directives.
This is a snippet from my httpd.conf file
DocumentRoot "C:/xampp/htdocs"
<Directory "C:/xampp/htdocs">
Options FollowSymLinks Includes ExecCGI
AllowOverride All
<RequireAll>
Require all granted
Require not ip 71.111.245.13
</RequireAll>
</Directory>
I am using XAMPP on Windows 7 with Apache 2.4.53 and the server is forwarded to a domain name with a valid SSL cert as well.
My current solution is to verify the IP in a mySQL database of banned IPs through PHP and redirect banned users away from accessing content, which is working but, in anyone's opinion, is it better to use Apache to ban users?
I'm using a server 2008 r2. There I've installed Wamp on port 8080, SSRS on port 8063 and Some IIS sites on various ports.
I've installed CCproxy on the same server.
The funny thing is, I can't access them via server IP:port (192.168.8.100:8080) But I can, however, access it by Host:port (Mainserver:8080).
Then I thought it might be a clash between those services and installed wamp on a windows 8.1 computer and even that I can't access via the IP.
Please help.
Thanks
it looks like you are trying to access your website by using the local IP range 192.168.1.100. In some WAMP default configs, the devs have set the apache config to disallow access except from localhost.
Try to open the httpd.conf file located at
C:\wamp\bin\apache\apache#.#.#\conf\httpd.conf
Find the <Directory "c:/wamp/www"> block and replace the Order Deny,Allow and everything that follows with Order Allow,Deny followed by Allow from all. The end result should look like something similar to this:
DocumentRoot "c:/wamp/www"
<Directory "c:/wamp/www">
Options Indexes FollowSymLinks
Order Allow,Deny
Allow from all
</Directory>
To be safe, look into the virtual hosts config file and see if you find any Order Deny,Allow directives and replace them as well. The file is located at C:\wamp\bin\Apache#.#.#\conf\extra\httpd-vhosts.conf
You can read more about Order Directive from the Apache Documentation
P.S.: Sorry me and please be lenient with my English.
I have the situation when some IP must blocked and better way for this on my mind - htaccess. It cause I have many entry points. It easy and works fine...
I do:
<Files *>
Order allow,deny
deny from aaa.aaa.aaa.aaa/aa
deny from bbb.bbb.bbb.bbb/bb
Allow from all
</Files>
BUT! There one more things. I have a few devices which should be allowed access even if they go through the denied IP.
I can't install some module for Apache. So I need some simply way for decide it.
Can someone give me some ways or some tricks for it?
You need some way of identifying those devices, then you can add an environment variable to set up an exception and use access control by environment variable. For example, if you can do it by user-agent:
SetEnvIf User-Agent SpecialUA UAException=1
<Files *>
Order allow,deny
Allow from UAException=1
Deny from aaa.aaa.aaa.aaa/aa
Deny from bbb.bbb.bbb.bbb/bb
Allow from all
</Files>
See also SetEnvIf. I am linking to Apache 2.2 docs since you are using the old syntax which has been updated in 2.4.
I am getting
[Tue Apr 24 12:12:55 2012] [error] [client 127.0.0.1] client denied by server configuration: /labs/Projects/Nebula/bin/
My directory structure looks like (I am using Symfony 2, should be similar structure for other web frameworks)
I have vhosts setup like:
<VirtualHost nebula:80>
DocumentRoot "/labs/Projects/Nebula/web/"
ServerName nebula
ErrorLog "/var/log/httpd/nebula-errors.log"
</VirtualHost>
<Directory "/labs/Projects/Nebula/">
Options All
AllowOverride All
Order allow,deny
Allow from 127.0.0 192.168.1 ::1 localhost
</Directory>
I wonder whats the problem and how do I fix it?
Apache 2.4.3 (or maybe slightly earlier) added a new security feature that often results in this error. You would also see a log message of the form "client denied by server configuration". The feature is requiring an authorized user identity to access a directory. It is turned on by DEFAULT in the httpd.conf that ships with Apache. You can see the enabling of the feature with the directive
Require all denied
This basically says to deny access to all users. To fix this problem, either remove the denied directive (or much better) add the following directive to the directories you want to grant access to:
Require all granted
as in
<Directory "your directory here">
Order allow,deny
Allow from all
# New directive needed in Apache 2.4.3:
Require all granted
</Directory>
OK I am using the wrong syntax, I should be using
Allow from 127.0.0.1
Allow from ::1
...
In Apache 2.4 the old access authorisation syntax has been deprecated and replaced by a new system using Require.
What you want then is something like the following:
<Directory "/labs/Projects/Nebula/">
Options All
AllowOverride All
<RequireAny>
Require local
Require ip 192.168.1
</RequireAny>
</Directory>
This will allow connections that originate either from the local host or from ip addresses that start with "192.168.1".
There is also a new module available that makes Apache 2.4 recognise the old syntax if you don't want to update your configuration right away:
sudo a2enmod access_compat
I had this issue using Vesta CP and for me, the trick was remove .htaccess and try to access to any file again.
That resulted on regeneration of .htaccess file and then I was able to access to my files.
Can you try changing "Allow from 127.0.0 192.168.1 ::1 localhost" to "Allow from all".
If that fixes your problem, you need to be less restrict about where content can be requested from
Here's my symfony 1.4 virtual host file on debian, which works fine.
<Directory /var/www/sf_project/web/>
Options All Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
If you wan't to restrict access to a specific ip range, e.g. localhost use this:
Allow from 127.0.0.0/8
The mod_authz_host is responsible for filtering ip ranges. You can look up detailed things in there.
But maybe the problem could be related to some kind of misconfiguration in your "apache2.conf".
On what OS is the apache running?
if you are having the
Allow from All
in httpd.conf then make sure us have
index.php
like in the below line in httpd.conf
DirectoryIndex index.html index.php
In my case the key was:
AllowOverride All
in vhost definition.
I hope it helps someone.
This code worked for me..
<Location />
Allow from all
Order Deny,Allow
</Location>
Hope this helps others
I have setup an Ubuntu LAMP server, and I have had phpmyadmin working fine with my website. However, I have recently had to create a virtual host for my IP address to avoid a security issue with directory listings in Tomcat, and now I can no longer access phpmyadmin.
It used to be at 192.68.1.99/phpmyadmin, and the actual phpmyadmin files are located in
/usr/share/phpmyadmin
I have a domain name pointing at my sever which I can use to point at phpmyadmin - how do I configure this?
thanks
Try to add
Alias /phpmyadmin /usr/share/phpmyadmin
To your global configuration or to virtual host which serves 192.68.1.99:80
This will allows you to access it again on URL http://192.68.1.99/phpmyadmin
If you want to setup phpmyadmin to be available using domain name, it is very same,
just put this line into VirtualHost settings of server under which you want to access it.
If you receive errors like access forbidden, add also following lines:
<Directory /usr/share/phpmyadmin>
Allow from all
Deny from None
Order Allow,Deny
</Directory>
<Location /phpmyadmin>
Allow from all
Deny from None
Order Allow,Deny
</Location>