We Keep Coding

apache 2.4 - deny direct ip access and show custom error page

I want requests to http://example.com to serve my website, and requests to http://123.123.123.123 to show a customized 403 error page.
I have Apache/2.4.29 running on my Ubuntu server.
/etc/apache2/sites-available/vhosts.conf
<VirtualHost *:80>
ServerName default
<Location />
Require all denied
</Location>
</VirtualHost>
<VirtualHost *:80>
ServerName example.com
DocumentRoot /var/www/html
<Directory /var/www/html>
Options None
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
/etc/apache2/conf-available/security.conf
Alias /errors/ "/var/www/html/error-pages/"
ErrorDocument 401 /errors/401.php
ErrorDocument 403 /errors/403.php
ErrorDocument 404 /errors/404.php
ErrorDocument 500 /errors/500.php
<Directory /var/www/html/error-pages>
Require all granted
</Directory>
With the above setup direct-ip access is blocked, however it is not showing my custom error page.
Forbidden You don't have permission to access / on this server.
Additionally, a 403 Forbidden error was encountered while trying to
use an ErrorDocument to handle the request.
Then I tried using the directive instead of :
<VirtualHost *:80>
ServerName default
<Directory />
Require all denied
</Directory>
</VirtualHost>
Now all subdirectories (e.g. http://123.123.123.123/sub) show my error page, but unfortunately the root is not blocked at all and showing my index.php page.
My next guess was to experiment with wilcards:
<VirtualHost *:80>
ServerName default
<Location "/*">
Require all denied
</Location>
<Location "/*/">
Require all denied
</Location>
</VirtualHost>
This code works, and shows my own 403 error page on the root aswell all the subdirectories.
All this got me confused!
Is the how it should be done, or am I doing something wrong in the first two examples?

<VirtualHost _default_:80>
<Directory "${SRVROOT}/htdocs">
Require all denied
</Directory>
ErrorDocument 403 "Sorry, direct IP access not allowed."
ErrorLog "${SRVROOT}/logs/default-http-error.log"
CustomLog "${SRVROOT}/logs/default-http-access.log" combined
</VirtualHost>
This is what I have setup in my server where the directory directive is to denied access to all files in this virtualhost. And the errordocument 403 serving as a message. Other syntax are for error logging. Make sure this virtual host is before any other virtualhost. Something similar for the HTTPS scheme if you support HTTPS on your server.

Default index.html page for any virtual host

I have configured some vhost like:
<VirtualHost *:443>
ServerName test.mywebsite.com
ServerAlias test.mywebsite.com
DocumentRoot /hosting/test
<Directory "/hosting/test">
AllowOverride All
Order Allow,Deny
Allow from All
Require all granted
</Directory>
SSLEngine on
SSLCertificateFile /usr/local/apache/ssl/mywebsite.com.pem
SSLCertificateKeyFile /usr/local/apache/ssl/mywebsite.com.key
</VirtualHost>
Now i need to display a default webpage if domain root folder not have any index page like index.php or index.html.
Actualy if open wesite it return 403 forbidden if index.html/php is not present.
My idea is;
Folder site no index.html/php show:
defaultwebpage.html in /etc/var/http/hdocs/default.html
How to this?
Apache config.conf is configured with default root but if put the index.html here it is not displayed in case of lack.
DocumentRoot "/data/www/default"
<Directory "/data/www/default">

Couldn't you use the ErrorDocument thing to redirect all 404 to a certain default page? If that default page is outside your webroot use alias to bring it in.
So
Alias /specialindex /etc/var/http/hdocs/
and
ErrorDocument 403 /specialindex/default.html
Looks strange, but should work. But, catches all 403 of course...

The solution:
<LocationMatch "^/+$">
Options -Indexes
ErrorDocument 403 /.noindex.html
</LocationMatch>
<Directory /usr/share/httpd/noindex>
AllowOverride None
Require all granted
</Directory>
Alias /.noindex.html /usr/share/httpd/noindex/index.html

<VirtualHost> cannot occur within <VirtualHost> section

after I try to use my own vhost.confic instead of using the generated one from Plesk, I just copy the last_httpd.include file and made some modifications - change the document root. But the /usr/local/psa/admin/sbin/httpdmng --reconfigure-domain redmine.newslab.cz get some error
2013-11-28T10:52:28+01:00 ERR (3): Apache config (13856323480.31924600) generation failed: Syntax error on line 1 of /var/www/vhosts/redmine.newslab.cz/conf/vhost.conf:
<VirtualHost> cannot occur within <VirtualHost> section
Syntax error on line 1 of /var/www/vhosts/redmine.newslab.cz/conf/vhost.conf:
<VirtualHost> cannot occur within <VirtualHost> section
vhost.conf file
<VirtualHost *:80 >
ServerName "redmine.newslab.cz"
ServerAlias "www.redmine.newslab.cz"
ServerAlias "ipv4.redmine.newslab.cz"
UseCanonicalName Off
<IfModule mod_suexec.c>
SuexecUserGroup "redmine.newslab" "psacln"
</IfModule>
ServerAdmin "admin#newslab.cz"
DocumentRoot "/var/www/vhosts/redmine.newslab.cz/httpdocs/redmine/public"
CustomLog /var/www/vhosts/redmine.newslab.cz/statistics/logs/access_log plesklog
ErrorLog "/var/www/vhosts/redmine.newslab.cz/statistics/logs/error_log"
<IfModule mod_userdir.c>
UserDir "/var/www/vhosts/redmine.newslab.cz/web_users"
</IfModule>
ScriptAlias "/cgi-bin/" "/var/www/vhosts/redmine.newslab.cz/cgi-bin/"
Redirect permanent /plesk-stat https://redmine.newslab.cz/plesk-stat
Redirect permanent /webstat https://redmine.newslab.cz/webstat
Redirect permanent /webstat-ssl https://redmine.newslab.cz/webstat-ssl
Redirect permanent /ftpstat https://redmine.newslab.cz/ftpstat
Redirect permanent /anon_ftpstat https://redmine.newslab.cz/anon_ftpstat
Redirect permanent /awstats-icon https://redmine.newslab.cz/awstats-icon
<IfModule mod_ssl.c>
SSLEngine off
</IfModule>
SetEnv PP_CUSTOM_PHP_INI /var/www/vhosts/redmine.newslab.cz/etc/php.ini
<IfModule mod_fcgid.c>
FcgidInitialEnv PP_CUSTOM_PHP_INI /var/www/vhosts/redmine.newslab.cz/etc/php.ini
FcgidMaxRequestLen 16777216
</IfModule>
<Directory /var/www/vhosts/redmine.newslab.cz/httpdocs/redmine/public>
<IfModule mod_perl.c>
<Files ~ (\.pl$)>
SetHandler perl-script
PerlHandler ModPerl::Registry
Options ExecCGI
allow from all
PerlSendHeader On
</Files>
</IfModule>
<IfModule mod_python.c>
<Files ~ (\.py$)>
SetHandler python-program
PythonHandler mod_python.cgihandler
</Files>
</IfModule>
<IfModule mod_fcgid.c>
<Files ~ (\.fcgi)>
SetHandler fcgid-script
Options +FollowSymLinks +ExecCGI
</Files>
</IfModule>
<IfModule mod_fcgid.c>
<Files ~ (\.php)>
SetHandler fcgid-script
FCGIWrapper /var/www/cgi-bin/cgi_wrapper/cgi_wrapper .php
Options +ExecCGI
allow from all
</Files>
</IfModule>
Options -Includes +ExecCGI
</Directory>
<Directory "/var/www/vhosts/redmine.newslab.cz/statistics">
AuthType Basic
AuthName "Domain statistics"
AuthUserFile "/var/www/vhosts/redmine.newslab.cz/pd/d..httpdocs#plesk-stat"
require valid-user
</Directory>
Alias /error_docs /var/www/vhosts/redmine.newslab.cz/error_docs
ErrorDocument 400 /error_docs/bad_request.html
ErrorDocument 401 /error_docs/unauthorized.html
ErrorDocument 403 /error_docs/forbidden.html
ErrorDocument 404 /error_docs/not_found.html
ErrorDocument 500 /error_docs/internal_server_error.html
ErrorDocument 405 /error_docs/method_not_allowed.html
ErrorDocument 406 /error_docs/not_acceptable.html
ErrorDocument 407 /error_docs/proxy_authentication_required.html
ErrorDocument 412 /error_docs/precondition_failed.html
ErrorDocument 414 /error_docs/request_uri_too_long.html
ErrorDocument 415 /error_docs/unsupported_media_type.html
ErrorDocument 501 /error_docs/not_implemented.html
ErrorDocument 502 /error_docs/bad_gateway.html
ErrorDocument 503 /error_docs/maintenance.html
</VirtualHost>
Do have anybody idea what is wrong. Thx

It is simple. Your vhost.conf is included inside the one generated by Plesk, it doesn't replace the Plesk config. That means you need to strip your vhost.conf from VirtualHost directive and other duplicated content. Keep there only directives which you need and which Plesk doesn't add itself.

Url rewrite is not working in some cases with XAMPP in Windows 7

I have a PHP website hosted at localhost on my Windows 7 PC, running XAMPP 1.8.2.
And I have rewrite rules as below:
Options -Indexes +FollowSymLinks
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php?rt=$1 [QSA,L]
</IfModule>
To rewrite the URL so it will always go into something like: http://mysite.com/index.php?rt=[controller]/[action]/[params]
It works prefect until I found it failed when processing url like: http://mysite.com/error/xxx. It returns a 404 status other than goes to http://mysite.com/index.php?rt=error/xxx. (I do NOT have an sub directory call error/ under my website root folder)
I carefully checked my PHP code and I am sure it is not the cause, and I upload my website to a remote server and everything is fine. So I am pretty sure something is not properly configured in my XAMPP (Apache), that makes the /error/xxx request was treated differently.
Also I found visiting http://mysite.com/error/ gives me 403 but http://mysite.com/[something_else]/ is fine.
Just in case, I paste my vhost.conf here as well:
<VirtualHost *:80>
DocumentRoot "/xampp/htdocs"
ServerName localhost
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "E:\htdocs\mysite.dev"
ServerName mysite.dev
</VirtualHost>
And related httpd.conf:
<Directory "E:\htdocs">
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Require all granted
</Directory>
Any help is appreciated!

Finally figure it out after wasting another hour on it!
There is configuration file called httpd-multilang-errordoc.conf under /xampp/apache/conf/extra, and inside it's something like this:
<IfModule alias_module>
<IfModule include_module>
<IfModule negotiation_module>
Alias /error/ "C:/xampp/apache/error/"
<Directory "C:/xampp/apache/error">
AllowOverride None
Options IncludesNoExec
AddOutputFilter Includes html
AddHandler type-map var
Require all granted
LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr
ForceLanguagePriority Prefer Fallback
</Directory>
ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
ErrorDocument 410 /error/HTTP_GONE.html.var
ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
</IfModule>
</IfModule>
</IfModule>
The line Alias /error/ "C:/xampp/apache/error/" handles all the request matches domainname.com/error/ and rewrite it to C:/xampp/apache/error/.
Simply commenting out the line solves my problem. Not sure what it does but make things done.

From your last comment it sounds like Apache isn't even correctly configured to the path with your site!
You need to edit the Xampp\apache\conf\httpd.conf file.
First make a BACKUP copy of it.
Edit the line that starts with...
DocumentRoot "
..if it is a Windows machine and it uses / instead of \ retain those.
Then you need to edit the line that starts with...
<Directory "
Be aware that there is also a CGI version of this.
If you have correctly edited the file save and then restart Apache. Changes will NOT take effect until you restart Apache.

.htaccess file can't find 404 ErrorDocument

The .htaccess file I have is unable to find my 404.html document in a sub-folder called "error". The line in particular is:
ErrorDocument 404 /error/404.html
However, if I place 404.html in the same directory as .htaccess and change the line to:
ErrorDocument 404 /404.html --- It works!
I'm using XAMPP for Windows if that helps, and in my httpd.conf file, the relevant directives are set as follows (I realize there is some redundancy):
<Directory />
AllowOverride All
Order allow,deny
allow from all
</Directory>
<Directory "C:/xampp/htdocs">
Options Indexes FollowSymLinks Includes ExecCGI MultiViews
AllowOverride All
Require all granted
</Directory>
Also, my DocumentRoot is set to "C:/xampp/htdocs", and I'v tried various paths to access the "error" directory--none work:
ErrorDocument 404 /error/404.html
ErrorDocument 404 /flchi/error/404.html
ErrorDocument 404 /sites/flchi/error/404.html
ErrorDocument 404 /htdocs/sites/flchi/error/404.html
Oh, and one final thing for what it's worth--I'm using virtual hosts. Here's the relevant bits:
<VirtualHost *>
DocumentRoot "C:/xampp/htdocs"
ServerName localhost
ServerAlias localhost
<Directory "C:/xampp/htdocs">
Options Indexes FollowSymLinks Includes ExecCGI
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost flchi.local>
DocumentRoot "C:/xampp/htdocs/sites/flchi"
ServerName flchi.local
ServerAlias flchi.local
<Directory "C:/xampp/htdocs/sites/flchi">
Options Indexes FollowSymLinks Includes ExecCGI
Order allow,deny
Allow from all
</Directory>
</VirtualHost>

This happens because of naming conflict - default Apache configuration already defines virtual path for /error, affecting all virtual hosts globally. It's done in config file xampp/apache/conf/extra/httpd-multilang-errordoc.conf. Location /error, therefore shadows your /error subdirectory:
Alias /error/ "C:/xampp/apache/error/"
It should work if you rename your 'error' sub-directory to something else - for example, error2.
ErrorDocument 404 /error2/404.html