I have an IP-restricted site configured to allow access only from specific URLs. The configuration is in apache2.conf as follows:
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require ip 123.45.678.90
</Directory>
I'd like to display a custom 403 page instead of the default one, so I created 403.html. However, I'm having trouble finding the right place to put it in apache2.conf.
I've tried adding "ErrorDocument 403 403.html" inside the directive, but then the webpage literally displays "403.html" -- not the page, but that actual string. That'd be fine if I just wanted to have the message IN the apache2.conf, but I'd prefer to actually have a page I can edit a little more conveniently.
I've tried placing it outside the Directory directive, but that returns the typical 403, plus the following:
Additionally, a 403 Forbidden error was encountered while trying to
use an ErrorDocument to handle the request.
I figure that makes sense, since they're not allowed in that directory anyway. So, I tried creating a new folder called /var/error and adding it there. However, that returns the same "additionally..." error above.
Where's the proper place (and how) to put this?
Related
I cant figure out why the .htaccess file is not being read. I am using XAMPP
Here is the httpd.conf file
DocumentRoot "C:/xampp/htdocs"
<Directory "C:/xampp/htdocs">
Options None
AllowOverride All
Require all granted
</Directory>
I dont want content listing enabled except for one folder called photos.
so inside the photos directory inside htdocs- using notepad i created a .htaccess file and included
#Allow the listing of folder content
Options All
This did not work and the error log shows:
Cannot serve directory C:/xampp/htdocs/photos/: No matching DirectoryIndex (home.php,home.html,home.htm,index.php,index.html,index.htm) found, and server-generated directory index forbidden by Options directive
I also added rubbish to the beginning of the access file to see if it would reproduce an error but all it says is 403 forbidden.
Other things i tried was
#Allow the listing of folder content
Options Indexes
basically, for every folder there should be no content listing except for the photos folder which is why i created a .htaccess file and placed it inside the photo folders. (it must be a .htaccess)
any ideas why this is not working?
To anyone who comes across this needing help - I figured it out.
notepad was saving it as .htaccess.txt even after selecting 'All Files'
To fix this used brackets (you can use another other software like notepad++) and saved it under .htaccess and that worked.
We are running an API for our mobile app, and with the right HTTP headers, have been able to enable developing it locally using the live API without the need of a 'CORS plugin'.
Now, it does not work anymore, probably since moving the domain name from one user to another (using DirectAdmin), but I cannot figure out how to fix it. Moving the domain back to the original user does not fix it. We have been running Apache 2.4 for quite a while already, that's nothing new.
I tried adding the following to httpd.conf:
<Location /api>
AllowMethods GET POST OPTIONS DELETE PUT
Require all granted
</Location>
<Directory /home/username/domains/example.com/private_html/www/api>
AllowMethods GET POST OPTIONS DELETE PUT
Require all granted
</Directory>
I verified being in the right VirtualHost block by successfully changing the ErrorLog file location.
I also added Require all granted to all .htaccess documents from the private_html folder to the api folder, but the error log keeps saying: [allowmethods:error] [pid ...] [client ...] AH01623: client method denied by server configuration: 'OPTIONS' to /home/username/domains/example.com/private_html/www/api
Note that our mobile app actually still works (GET and POST), but PUT and DELETE don't, just like OPTIONS. It seems like the requests never even hit my domain folder, but get stuck in Apache config.
How can I debug this? How can I get Apache to tell me which policy is preventing that method?
I finally solved the issue with this httpd.conf block:
<Location "/">
AllowMethods GET POST OPTIONS DELETE PUT
Require all granted
</Location>
I was originally trying to limit that to just the API URL, but apparently that gets complicated because of RewriteRules. The first request on /api is passed through, but I needed a new block for each RewriteRule that happens. So I just used Location "/" to fully allow it... hope that doesn't introduce security issues.
#Sygmoral
This also fixed my problem!
If you ever get this message inside a new DirectAdmin environment getting the response on a OPTIONS method:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>405 Method Not Allowed</title>
</head><body>
<h1>Method Not Allowed</h1>
<p>The requested method OPTIONS is not allowed for this URL.</p>
</body></html>
Or if you've checked the apache error logs containing: AH01623: client method denied by server configuration: 'OPTIONS'
You should head out to the section in DirectAdmin " Custom HTTPD Configurations " (as admin) and add the lines to your domains custom httpd.conf:
<Location "/">
AllowMethods GET POST OPTIONS DELETE PUT
Require all granted
</Location>
I was trying to block access to directory but the problem is that use will get 403, The problem is that i dont want the user even know there was a folder so i want him to get 404 instead, The closest thing i found is(Link):
<Directory /web/docs>
ErrorDocument 404 default
</Directory>
But it didnt worked, If anyone know the right syntax or a way at all of doing so i will be very thankful, Thank you all and have a nice day.
In a .htaccess in your folder
order deny, allow
deny from all
But with this code, you will no longer be able to access your folder/files.
I have been trying to get some url rewrites to work with .htaccess after moving a site to a new host.
Nothing seemed to work, so in frustration I removed all the code from the file, uploading a blank .htaccess file to the server. The Result: FORBIDDEN.
Is this a problem with the server config? How do I go about addressing it.
EDIT
Ok, so I got it to work. I think it must have had something to do with the encoding or format (or whatever) of the .htaccess file itself. I origionally suspected something like this and messed with a bunch of stuff in notepad++, and thought I ruled that out. Earlier, in desperation, I recreated the file in regular notepad and it worked.
Thank you all for your insights...
I don't think that being empty of not will make the difference. IMHO this is happening because the virtualhost is not allowing you to override in your document root
try adding this
<Directory "/var/www/example.com">
AllowOverride All
Allow from All
</Directory>
where /var/www/example.com is the path to your document root
I don't know if it can be related but have you insured that you have an index page (like index.html or similar) and in your <Directory> tag of your Apache's configuration file have the directive Options All -Indexes?
Have you tried with this options?
I have user files stored in a folder outside apache's documents root e.g. My project is in /var/www/ProjectName/ and the files are in local drive(D:\users).
I want to be able to link to those files from within my project. i am using symfony(php framework).
I trying to change the setting in apache like this, But no luck
Alias /users/ "D:\users"
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
You have to update that in your httpd.conf or in your specified {name of your vhost}.conf.
Alias /users/ D:\users
Be sure to check the error log to see where here Apache tries to find the files.