I've been trying for some hours block all connection except my domain in httpd config. but I'm not able to connect with my own domain. I just get Forbidden page.
<VirtualHost *:80>
ServerName Server-VM
DocumentRoot /var/www/
SetEnvIf Referer domain\.cc internal
<FilesMatch "\.(avi|mp4)$">
Order Deny,Allow
Deny from all
Allow from env=internal
</FilesMatch>
</VirtualHost>
My Apache version: 2.2.15
What am I doing wrong?
Thank you!
The Allow, Deny, and Order directives, provided by mod_access_compat, are deprecated and will go away in a future version. You should avoid using them, and avoid outdated tutorials recommending their use.
Try
<FilesMatch "\.(avi|mp4)$">
Require host domain.cc
</FilesMatch>
More info from https://httpd.apache.org/docs/2.4/howto/access.html
Related
CONTEXT. I work on a server running Centos 8.3 with Apache 2.4.37.
In Apache's vhosts.conf configuration file I have this vhost for one of my websites:
<VirtualHost *:80>
ServerAdmin se#site.com
DocumentRoot /var/www/html/site
ServerName site.com
ErrorLog /var/log/httpd/admin-site.com-error_log
CustomLog /var/log/httpd/admin-site.com-access_log common
<Directory "/var/www/html/site">
Options SymLinksIfOwnerMatch
AllowOverride None
Order Allow,Deny
Allow from all
</Directory>
<Files ~ "test\.txt">
Order Allow,Deny
Deny from all
</Files>
<FilesMatch "\.(txt|png)$">
Order Allow,Deny
Deny from all
</FilesMatch>
</VirtualHost>
I have these two different scenarios:
If in the DocumentRoot folder I put only static files (html, css, images, etc), the Files and FilesMatch directives work perfectly and the frontend looks excellent.
If I put a Ghost installation in the DocumentRoot folder, I necessarily have to add the following Proxy directives to the vhost. And when doing so, the frontend looks great too, but the Files and FilesMatch directives NOT work at all, i.e. the browser allows me to open site.com/test.txt and site.com /file.png, when they shouldn't open.
ProxyRequests off
ProxyPass / http://localhost:2368/
ProxyPassReverse / http://localhost:2368/
Any ideas how to get the Files and FilesMatch directives to work on my Ghost installation?
I already tried this:
For those thinking about .htaccess. If I activate AllowOverride so that the .htaccess is read: I already tried and the directives in the .htaccess don't work either.
For those thinking of Deny from all. I know Deny from all is for Apache 2.2, and for 2.4 Require all denied should be used. I have done tests and in my Apache 2.4 the Require does not work, it only works Deny from all.
I'd like to enable on my Apache 2.4 under linux the PUT and DELETE methods. When clients try to invoke such methods I get a "405 Method Not Allowed" as answer.
On server side my PHP script handle such requests but it seems filtered by the server itself (that's makes the difference from the similar already answered question - Moreover other questions seems to refers to an old version of Apache).
Can I manage some configurations on .htaccess file or I have to modify the .conf files under /etc/apache2?
Thanks a lot.
Try the following changes on your server:
Open "/etc/httpd/conf/httpd.conf" and look for the following blocks:
<Limit GET POST OPTIONS PROPFIND>
Order allow,deny Allow from all
</Limit>
<LimitExcept GET POST OPTIONS PROPFIND>
Order deny,allow Deny from all
</LimitExcept>
Then just add PUT and DELETE after PROPFIND. Then Restart httpd by "/sbin/service httpd restart" or service httpd restart.
Note: In some servers , mostly the ones with a control panel (DA,cPanel,..) you may change this file :/etc/httpd/conf/extra/httpd-directories.conf
I hope it solves your problem.
For Debian/Ubuntu.
In your conf:
<Location "/">
AllowMethods GET PUT
</Location>
In console:
sudo a2enmod allowmethods
sudo systemctl restart apache2.service
You can use allowmethods_module to enable that.
It's been available since apache version 2.3 but still experimental though.
<Location "/path/to/directory">
AllowMethods PUT DELETE
</Location>
I got the same error and the root cause is the redirects to https (80-443) are not occurring which one of the things are causing the docker client to fail while allowing the browser to work. I added below directives in Apache httpd (apache2) and it worked for me.
<VirtualHost *:80>
RedirectPermanent / https://%{SERVER_NAME}/
RewriteEngine On
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
# General setup for the virtual host
ServerName example.org
ServerAdmin help#example.com
ErrorLog /tmp/error_log
SSLProxyEngine On
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
AllowEncodedSlashes NoDecode
ProxyPreserveHost On
ProxyPass / http://<BackendIP>/ connectiontimeout=10 timeout=3600
ProxyPassReverse / http://<BackendIP>/
</VirtualHost>
I cannot get allow and deny directives to work from an htaccess file within any directory in my web root. I am at a loss as to where I should look to configure this. I have checked the obvious (authz modules are loaded, allow overrides is set to all) Any ideas? Here are my configuration details.
I have an Apache 2.2 server running on RHEL. Within this server I have an IP based VirtualHost that is configured like where myipaddr and myserver are the actual IP address and host name respectively:
<VirtualHost myipaddr:80>
ServerName myserver
TransferLog /var/log/httpd/myserver.access
LogFormat loadbalanced
ErrorLog /var/log/httpd/myserver.error
DocumentRoot /var/www/myserver
<Directory /var/www/myserver>
Options -Indexes FollowSymLinks
AllowOverride All
</Directory>
</VirtualHost>
I have tried more complex directives but even a simple .htaccess file that should deny everything has no effect.
Order deny,allow
Deny from all
It turns out the was a configuration file in /etc/httpd/conf.d that I did not realize was getting loaded and it was trumping the denies and allows within specific directories.
<Location />
Order allow,deny
Allow from all
<LimitExcept GET POST PUT DELETE>
Deny from all
</LimitExcept>
</Location>
I have two separate Django projects that I want to serve up from the same machine. I'm trying to set up my VirtualHost configurations in apache to serve them up. I know I can serve them up on separate ports, but I'd rather do it based on the request URL. So example.com/app1 would go to one app and example.com/app2 would go to the other. ServerName and ServerAlias won't work since they only look at the Host, which in both cases would just be example.com. Is there any way to do this?
The ServerPath directive looked promising but it looks like, since it was only meant as a fallback for older browsers, apache only looks at ServerPath if the browser doesn't supply the Host field in the request.
Update: Here is what the VirtualHost configuration for my first app looks right now.
<VirtualHost *:80>
ServerAlias *
WSGIScriptAlias /app1 /home/eyuelt/app1/app1/wsgi.py
Alias /app1/static /home/eyuelt/app1/staticfiles
<Directory /home/eyuelt/app1/app1>
<Files wsgi.py>
Order deny,allow
Require all granted
</Files>
</Directory>
<Directory /home/eyuelt/app1/staticfiles>
AllowOverride None
Order deny,allow
Require all granted
</Directory>
</VirtualHost>
The Apache 2.2.20 automaticaly redirects all requests which are points to directories and has no trailing slash to the same URL with trailing slash, like shown below:
GET /some/path/to/dir HTTP/1.1
Host: www.some.org
...
301 Moved permanently
Location: http://www.some.org/some/path/to/dir/
In all cases it is a fine behavior, but I need to turn off this feature for one special folder (not for all), and can't find were I can do it.
Searching for 'Rewrite' rules tells founds nothing - only directive LoadModule mod_rewrite.so. Also, there is no .htaccess files in directories server in directory tree.
Is there any other directives that make thing?
UPD1 I try to set up SVN trough HTTP with next config:
LoadModule dav_svn_module /opt/libexec/mod_dav_svn.so
LoadModule authz_svn_module /opt/libexec/mod_authz_svn.so
NameVirtualHost *:8000
<VirtualHost *:8000>
ServerAdmin admin#some.host.org
ServerName some.host.org
DocumentRoot /path/to/wwwroot
DAVLockDB /opt/var/lock/davlock/svndavlockdb
<Directory /path/to/wwwroot>
Options FollowSymLinks Indexes
# #AllowOverride None
Order allow,deny
Allow from all
</Directory>
<Directory /path/to/wwwroot/svn>
Options FollowSymLinks Indexes
AllowOverride None
Order allow,deny
Allow from all
</Directory>
CustomLog /path/to/wwwroot/log/access_log.txt combined
ErrorLog /path/to/wwwroot/log/error_log.txt
<Location /svn>
#AllowOverride None
#RewriteEngine Off
#RewriteOptions AllowNoSlash
DirectorySlash Off
DAV svn
SVNParentPath /path/to/wwwroot/svn
# SVNListParentPath on
AuthType Basic
AuthName "Subversion Repository"
AuthBasicAuthoritative Off
AuthUserFile /path/to/wwwroot/svn/.htauthfile
<Limit GET OPTIONS REPORT PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
Require valid-user
</Limit>
</Location>
</VirtualHost>
UPD2 It seems that the "DirectorySlash Off" directive works only for "some.host.org/svn" and not works for "some.host.org/svn/repo1", "some.host.org/svn/repo2" etc - child directories not inherit this option.
UPD3 I try to add the following lines into config, but result is same - "DirectorySlash Off" work only for "/svn" and not for childs.
<LocationMatch "/svn/.*">
DirectorySlash Off
</LocationMatch>
SOLVED
Problem solved. This is a my mistake - I placed SVN repository root under DocumentRoot folder, so apache and web_dav can't understand, who must handle request. This applies to TortoiseSVN client at least.
Comments from SVN developers:
It means your httpd.conf is misconfigured. Usually this error happens when you've defined the Subversion virtual "location" to exist within two different scopes at the same time.
For example, if you've exported a repository as , but you've also set your DocumentRoot to be /www, then you're in trouble. When the request comes in for /www/foo/bar, apache doesn't know whether to find a real file named /foo/bar within your DocumentRoot, or whether to ask mod_dav_svn to fetch a file /bar from the /www/foo repository. Usually the former case wins, and hence the "Moved Permanently" error.
The solution is to make sure your repository does not overlap or live within any areas already exported as normal web shares.
It's also possible that you have an object in the web root which has the same name as your repository URL. For example, imagine your web server's document root is /var/www and your Subversion repository is located at /home/svn/repo. You then configure Apache to serve the repository at http://local.host/myrepo. If you then create the directory /var/www/myrepo/ this will cause a 301 error to occur.
Use mod_dir's DirectorySlash directive. Example from docs:
# see security warning in docs
<Location /some/path>
DirectorySlash Off
SetHandler some-handler
</Location>
Adding
DirectorySlash Off
to .htaccess worked fine for me.