Apache 2.4 Whitelist Cloudflare only - apache

I've been trying to get this to work for Apache 2.4
I manually installed Apache 2.4, PHP 5.6, MySql, and MySqli. (I haven't had a problem with mysql since I've only been using MySqli)
I have tried to white list only cloudflare to access my website, but I haven't been having any luck and since their IP list doesn't give me absolutely everything I need, I can't white list them.
I know that I shouldn't white list only cloudflare, but I accidentally shared the IP to someone and they spread it around, and I don't want them using the ip directly, I want them to use cloudflare.
I've tried doing this to white list cloudflare but it hasn't been working:
<Directory "C:/Apache24/htdocs/test">
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Require all denied
Allow from 103.21.*.*
Allow from 103.31.*.*
Allow from 103.22.*.*
Allow from 104.16.*.*
Allow from 108.162.*.*
Allow from 131.0.*.*
Allow from 141.101.*.*
Allow from 162.158.*.*
Allow from 172.64.*.*
Allow from 173.245.*.*
Allow from 188.114.*.*
Allow from 190.93.*.*
Allow from 197.234.*.*
Allow from 198.41.*.*
Allow from 199.27.*.*
</Directory>
I haven't fully understood the jump from 2.2 to 2.4 yet. Could anybody help me out?

If you install the Mod_Cloudflare Apache extension, you can simply add the following to your Apache configuration and all non-Cloudflare traffic will be forbidden:
DenyAllButCloudFlare
Further reading:
Logging Real Visitor IP Addresses: mod_cloudflare for Apache httpd

Though I am not 100% sure this answer is appropriate to your question, I will share it in case other people want a different solution.
Cloudflare passes the real IP in HTTP_CF_CONNECTING_IP, so we can set up a rewrite (using mod_rewrite). We don't need to whitelist Cloudflare's IPs; we accept all IPs and check HTTP_CF_CONNECTING_IP. If there is no match, we deny. The configuration in the WordPress conf is as follows. The example shows that any real IP not starting with 17.133.218 is denied access.
<Directory /var/www/wordpress>
Options -Indexes
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
RewriteCond %{HTTP:CF-CONNECTING-IP} !^17\.133\.218\.
RewriteRule $ /maintenance [R=302,L]
</IfModule>
</Directory>
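An added example, not part of either answer above: on Apache 2.4 the question's goal can be met with `Require ip` and CIDR ranges, and the CF-Connecting-IP check from the second answer only means something once the connecting peer is restricted to Cloudflare, because a client that reaches the origin directly can set that header itself. The ranges are Cloudflare's published IPv4 list (https://www.cloudflare.com/ips-v4) and should be re-checked against it before use; the directory path and the 17.133.218 prefix are the ones used on this page, and the sketch assumes mod_remoteip is not rewriting the client address.

```apache
# Added example for Apache 2.4 (mod_authz_core + mod_authz_host).
# Do not mix the 2.2 directives (Order/Allow/Deny) with Require in the
# same block, and note that "103.21.*.*" is not a valid address form:
# use CIDR (103.21.244.0/22) or a partial address (103.21).
<Directory "C:/Apache24/htdocs/test">
    Options Indexes FollowSymLinks MultiViews
    AllowOverride all

    <RequireAll>
        # 1. The TCP peer must be a Cloudflare edge address.
        #    Assumption: mod_remoteip is not active here. If it is,
        #    "Require ip" is evaluated against the address taken from
        #    the header, not against the connecting peer.
        #    IPv6 ranges (https://www.cloudflare.com/ips-v6) are left out;
        #    add them if the origin also listens on IPv6.
        <RequireAny>
            Require ip 173.245.48.0/20 103.21.244.0/22 103.22.200.0/22
            Require ip 103.31.4.0/22 141.101.64.0/18 108.162.192.0/18
            Require ip 190.93.240.0/20 188.114.96.0/20 197.234.240.0/22
            Require ip 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13
            Require ip 104.24.0.0/14 172.64.0.0/13 131.0.72.0/22
        </RequireAny>

        # 2. Visitor filter from the second answer, written as an
        #    authorization rule instead of a rewrite. It is evaluated
        #    together with rule 1, so the header is only honoured on
        #    connections that actually come from Cloudflare.
        #    Remove this line to admit every visitor arriving through
        #    Cloudflare, which is what the question asks for.
        Require expr "req('CF-Connecting-IP') =~ /^17\.133\.218\./"
    </RequireAll>
</Directory>
```

Requests that fail either rule get a 403 from Apache itself; a host firewall rule limiting ports 80/443 to the same ranges keeps direct connections from reaching Apache at all.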

Related

Made exact same htaccess change to allow one IP address, but it's not working

I just changed web hosts and I'm trying to re-apply some of the same IP address restrictions on my webhost. However, making the exact same changes does not appear to be working.
For example, I'm wanting to allow only one IP address, here's what was on my old web host:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
order deny,allow
deny from all
allow from xx.xx.xx.xx
</IfModule>
with my IP address obfuscated obviously. However, when I do that on the new web server, it seems to not even allow my IP address. I'm not 100% exactly sure why this is happening if this is the exact same configuration.
For what it is worth, I'm using VirtualHosts, so I have configurations for the virtual hosts in /etc/apache2/sites-available/domain.conf file, but nothing for mod_rewrite or anything pertaining to IP address restrictions. This change is being made in the .htaccess file in the HTML directory for the specific web host.
If I simply remove those 3 lines, everything works perfectly fine, so I'm a little puzzled.
Updated
So I tried to make adjustments by using "Require", as preferred in Apache 2.4, and it seems like I'm still getting access denied. Here's an example of my virtual host configuration file:
DocumentRoot /var/www/html/mysite
<Directory /var/www/html/mysite/>
Options Indexes FollowSymLinks
AllowOverride All
#Require all granted
<IfModule mod_authz_core.c>
<RequireAny>
Require ip <myip>
</RequireAny>
</IfModule>
</Directory>
I've tried with IfModule and without it, and the same goes for RequireAny. I tried replacing "Require all granted" with that one Require ip <myip> statement and still getting denied.

Redirect https to http on ispconfig+apache

I know that question has already been asked, but for some reason, no matter how I try, redirect from https to http just doesn't work. I tried my default approach to redirect (always worked perfectly fine with http to https, thought it would go that smooth the other way as well) and a few solutions from here, but no effect. For now, this is the last method I've tried:
In Apache sites-available directory, I modified relevant .vhost entry, so the changed part now looks like this:
<Directory /var/www/SOMEWEBSITE/web>
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [NC,R=301,L]
</Directory>
<Directory /var/www/clients/client1/web1/web>
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [NC,R=301,L]
</Directory>
Still, connecting via https://SOMEWEBSITE gives me standard apache blank site
(It works!
This is the default web page for this server.
The web server software is running but no content has been added, yet.)
I tried inserting the rewrite rules directly in VirtualHost block and modifying site's .htaccess file (same effect as above), also tried to create VirtualHost listening on port 443 and redirecting traffic to http, but this approach gave me an SSL error. Is there any other way or something I might be doing wrong? Or is that some ISPConfig issue I am not aware of?
You could try this solution, here on stackoverflow. It is not done within ISPConfig, but I do not think there is a way to do this from within the ISPConfig GUI anyway.

VirtualHost configuration (rewrite) not working when using SSL

I am using the following directives to configure my VirtualHost in Plesk:
[vhost.conf]
ServerName www.mydomain.com
DocumentRoot /var/www/vhosts/mydomain.com/httpdocs
RewriteEngine on
RewriteCond %{SCRIPT_FILENAME} !^.+\.(css)
RewriteCond %{REQUEST_URI} !^.+js
RewriteRule ^(.+)$ /index.php/$1/
<Directory /var/www/vhosts/mydomain.com/httpdocs>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
php_admin_flag safe_mode Off
</Directory>
This worked fine in every case, until I added an SSL certificate and accessed the server through https. Now the rewrites were no longer working when calling the site through SSL.
So I figured that the configuration loaded for the other protocol (https) must differ from the one that is loaded in the case of http.
I then found out that Plesk uses two separate config files for both protocols. I copied vhost.conf to vhost_ssl.conf. Now the site loaded fine over https and the rewrites were working fine.
But now the rewrites were no longer working when accessing the site through http.
Seems like the cat is biting its tail; I am running in circles and out of options.
Unfortunately I lack the experience in configuring Apache. I do assume that somehow my two sets of rules are causing a problem, but after all they are included into two different <VirtualHost> directives.
Perhaps someone knows what is going on here and how to fix it?
I can't tell you how to fix it but I can tell you how to start.
Look carefully at the access and error logs. Read about this here: https://httpd.apache.org/docs/2.2/logs.html
There are a bunch of tools to help you with this debugging described there and in linked pages.

Apache Virtualhost Directory conditional redirect

I just created a website with two environments as virtual servers - testing and production. The production server is open to everyone, but I allowed only my IP to access the testing environment:
<VirtualHost *:80>
DocumentRoot /home/xxx/www
ServerName testing.xxx.com
<Directory /home/xxx/www>
Order deny,allow
Deny from all
Allow from xxx.xxx.xxx.xxx
</Directory>
</VirtualHost>
The problem is that Google has already indexed some of my testing environment pages and they are available in Google results. I would like any IP but mine to be redirected to the production server (xxx.com) while accessing testing.xxx.com. I would rather do it with apache.conf than .htaccess (because of git repository conflicts). Is it possible to add a conditional redirect to the Apache config?
You can use mod_rewrite features in your httpd.conf Apache config file:
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine on
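# Comments must be on their own line; Apache does not accept them after a directive.
# Exclude your first IP (REMOTE_ADDR is the client address, no DNS lookup involved)
RewriteCond %{REMOTE_ADDR} !^123\.456\.788
# Exclude your second IP. The conditions are ANDed: with [OR], two negated
# conditions would match every client, including the excluded ones.
RewriteCond %{REMOTE_ADDR} !^123\.456\.789
# Redirect everyone else to the production site
RewriteRule ^(.*)$ http://production-env.com/$1 [R=301,L]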
</IfModule>
Or you can put these declarations into <Directory> section of your vhosts config file.
Generally you can take advantage of mod_rewrite module to manage URL routing policies for your web server. Before using it make sure that this module is installed and activated in your Apache.

mod_rewrite infinite loop

I have Apache 2.2 and 3 virtual hosts on it and a mod_rewrite infinite loop issue I cannot resolve. Apache is in my company LAN on the 192.168.1.228 IP address. 2 virtual hosts work perfectly. The third makes problems. My network admin created a subdomain to point to that 192.168.1.228. The Virtual Host is configured this way:
<VirtualHost 192.168.1.228>
DocumentRoot "C:/Apache/htdocs/stansrodowiska"
ServerName giostube.mycompany.local
LimitInternalRecursion 1000
<Directory "C:/Apache/htdocs/stansrodowiska">
Options Indexes FollowSymLinks Includes
AllowOverride None
Order allow,deny
Allow from all
RewriteEngine on
RewriteCond $1 !^(index\.php|images|upload|css|download|assets|js|nfos|robots\.txt)
RewriteRule ^(.*)$ /stansrodowiska/index.php/$1 [L]
</Directory>
</VirtualHost>
If I access this website from my LAN over the address: http://giostube.mycompany.local/ I get a
403 Forbidden
You don't have permission to access /stansrodowiska/index.php/stansrodowiska/index.php/stansrodowiska/index.php/stansrodowiska/index.php/stansrodowiska/index.php/stansrodowiska/index.php/stansrodowiska/index.php......... on this server
The /stansrodowiska/index.php/ is of course repeated much more often, I think to around 2048 chars which is the HTTP POST maximum.
Strange thing is that exactly the same mod_rewrite rules work on another preconfigured WAMP environment (Vertrigo).
Underneath there is a Codeigniter 1.7.2 application.
Is the error within the mod_rewrite rules or do I have to search elsewhere?
Change this line:
RewriteRule ^(.*)$ /stansrodowiska/index.php/$1 [L]
To:
RewriteRule ^(.*)$ /index.php/$1 [L]