Here is my current apache2.conf
<Directory /var/www/>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1 ::1
Allow from localhost
Allow from 10
Satisfy Any
But I want allow access to a one file http://my_server_ip/handl.php What I should do?
Related
I want to restrict all directories and files to the end users, but the application should be accessible. I have restricted all directories except readme.md. I cannot even locate the file inside www folder. But the file is viewed when it is ran in the browser as follows.
Following are the changes I have done in httpd.config file
<Directory "c:/wamp64/www">
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from ::1
Allow from localhost
</Directory>
<Files "c:/wamp64/icons/readme.md">
Order Deny,Allow
Deny from all
</Files>
<Directory "c:/wamp64/www/*">
Allow from all
</Directory>
Apache 2.4 is my version
I cannot get allow and deny directives to work from an htaccess file within any directory in my web root. I am at a loss as to where I should look to configure this. I have checked the obvious (authz modules are loaded, allow overrides is set to all) Any ideas? Here are my configuration details.
I have an Apache 2.2 server running on RHEL. Within this server I have an IP based VirtualHost that is configured like where myipaddr and myserver are the actual IP address and host name respectively:
<VirtualHost myipaddr:80>
ServerName myserver
TransferLog /var/log/httpd/myserver.access
LogFormat loadbalanced
ErrorLog /var/log/httpd/myserver.error
DocumentRoot /var/www/myserver
<Directory /var/www/myserver>
Options -Indexes FollowSymLinks
AllowOverride All
</Directory>
</VirtualHost>
I have tried more complex directives but even a simple .htaccess file that should deny everything has no effect.
Order deny,allow
Deny from all
It turns out the was a configuration file in /etc/httpd/conf.d that I did not realize was getting loaded and it was trumping the denies and allows within specific directories.
<Location />
Order allow,deny
Allow from all
<LimitExcept GET POST PUT DELETE>
Deny from all
</LimitExcept>
</Location>
I've looked as so many examples here, but I still can't access my WAMP server from my other computer. I have no problem from the computer where WAMP is installed.
I notice that it says You don't have permission to access / - why / ?
// httpd.conf
<Directory "D:/wamp/www/">
Options Indexes FollowSymLinks
AllowOverride all
Order Deny,Allow
Deny from all
Allow from ::1
Allow from 192.168.0.1 // <- typo
Allow from 192.168.1.148
</Directory>
//httpd.vhosts.conf
<VirtualHost 192.168.1.119>
DocumentRoot D:/wamp/www/mysite/
ServerName mysite.com
ServerAlias mysite.com
</VirtualHost>
// Host file
192.168.1.119 localhost
192.168.1.119 mysite.com
Try these changes
First this controls access to your WAMPServer homepage, add all the possible local address to the allow list.
You seem to have 2 subnets in your list, is that a typo? I am assuming so.
Also if you use just the first 3 quartiles of the ip address it will allow from any ip on that subnet.
// httpd.conf
<Directory "D:/wamp/www/">
Options Indexes FollowSymLinks
AllowOverride all
Order Deny,Allow
Deny from all
Allow from ::1 127.0.0.1 localhost
Allow from 192.168.1
</Directory>
You dont mention any port number on your VHOST definition and there is no need to use a specific ip address.
Also it is a good idea to add a localhost VHOST, and to put the access restrictions i.e. the <Directory...> block inside each individual VHOST definition. Then you can modify the access privilages on each VHOST specifically.
Also the syntax for the access rights chnaged in Apache 2.4.x so I have coded the access rights section using the parameter that was added in WAMPServer2.5 releases, but it should work as it is even of you are still on an older WAMPServer version i.e. 2.4 or 2.2
// extras/httpd-vhost.conf
# Should be the first VHOST definition so that it is the default virtual host
# Also access rights should remain restricted to the local PC and the local network
# So that any random ip address attack will recieve an error code and not gain access
<VirtualHost *:80>
DocumentRoot "D:/wamp/www"
ServerName localhost
ServerAlias localhost
<Directory "D:/wamp/www">
AllowOverride All
<IfDefine APACHE24>
Require local
Require ip 192.168.1
</IfDefine>
<IfDefine !APACHE24>
Order Deny,Allow
Deny from all
Allow from 127.0.0.0/8 localhost ::1 192.168.1
</IfDefine>
</Directory>
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "D:/wamp/www/mysite"
ServerName mysite.com
ServerAlias www.mysite.com
<Directory "D:/wamp/www">
AllowOverride All
<IfDefine APACHE24>
Require local
Require ip 192.168.1
</IfDefine>
<IfDefine !APACHE24>
Order Deny,Allow
Deny from all
Allow from 127.0.0.0/8 localhost ::1 192.168.1
</IfDefine>
</Directory>
</VirtualHost>
I have an apache2 server, serving a website from the following directory /var/www/
I'm trying restrict this website to all but 2 ip addresses
I've put the code below in the security file located on my linux
server directory:
etc/apache2/conf.d/security
<Directory /var/www/>
Order allow,deny
#Allow from IPADDRESS1
Allow from IPADRESS2
</Directory>
1) Why can I access the website from IPADDRESS1 when it's commented out?
2) Is this the section of the apache2 documentation that deals with this?
I think you need to specify to deny all other connections. I.E:
<Directory /var/www/>
Order allow,deny
#Allow from 192.168.1.4
Allow from 149.254
Deny from all
</Directory>
There are other questions similar to this but don't answer my problem.
This is the default httpd.conf:
<Directory "C:/wamp/www/">
Options Indexes FollowSymLinks
AllowOverride all
# onlineoffline tag - don't remove
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Directory>
and it allows only 127.0.0.1, but I want to allow also localhost and 192.168.x.x (my private ip).
Well, the other answers are: put Allow from all and uncomment in hosts file the line 127.0.0.1 localhost; but I read that is unsecure or not reccomended.
So I've tried this:
<Directory "C:/wamp/www/">
Options Indexes FollowSymLinks
AllowOverride all
# onlineoffline tag - don't remove
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from 192.168.x.x
Allow from localhost
</Directory>
It works for 192.168.x.x, but not for localhost (gets error: 403 Forbidden, You don't have permission to access / on this server.)
1) How can make it works?
2) Maybe is required to uncomment in hosts file the line 127.0.0.1 localhost ?
3) Is it really more secure than Allow from all?
Lets keep it simple, try this
<Directory "C:/wamp/www/">
Options Indexes FollowSymLinks
AllowOverride all
Order Deny,Allow
Deny from all
Allow from 127.0.0.1 ::1 localhost 192.168
</Directory>
::1 is the IPV6 equivalent of 127.0.0.1
I would use the first 3 of the quartiles 192.168.0 ( assuming your third quartile is 0 )
Update your httpd.conf to this, and you will be able to get to localhost on WAMP.
<Directory "C:/wamp/www/">
Options Indexes FollowSymLinks
AllowOverride all
# onlineoffline tag - don't remove
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from 192.168.x.x
Allow from ::1
</Directory>
If you are using
Apache 2.4
then use:
<Directory "C:/wamp/www/">
Require all denied
Require ip 127.0.0.1
<If "%{HTTP_HOST} == 'localhost'">
Require all granted
</If>
</Directory>
1) I don't know if your Directory sintax is correct as I use ubuntu server, but I always put the lines that allow individual addresses before the "Deny from all" directive. However, in the apache documentation you can see examples where the directives are in the same order as in your code
Link
I alse specify the netmask, which in the case of individual IPs should be 255.255.255.255, more fine-grained subnet restriction.
I have always seen the words deny,allow in the first directive in lowercase, but as you are using Windows maybe it is not necessary. The code that I would use is:
order deny,allow
Allow from 127.0.0.1/255.255.255.255
Allow from 192.168.x.x/255.255.255.255
Allow from localhost/255.255.255.255
Deny from all
2) Yes, as you are denying every petition except those that come from the specified IPs
Related reference