So I have tried to follow some of the posts here to deny access to a public folder using .htaccess.
The problem is that I still can access the folder.
I have put the .htaccess inside my folder, with the commands?
Order allow,deny
Deny from all
I am missing something, but don`t know what.
BTW, I have restarted apache after that.
The site:
www.mysite.com
Folder I want to block
www.mysite.com/helloworld/
That configuration does exactly what you say it should do when I test it.
Presumably your server is configured not to respect .htaccess files.
You can change that by setting:
AllowOverride AuthConfig
… in your main configuration file.
See also the documentation for AllowOverride.
That said, if you don't want the content of a directory to be accessible to anyone over HTTP, then you are better off keeping that directory outside the web root in the first place.
Related
I am trying to set up a WebDav server using sabre/dav. I got it set up and running and as long as I serve up files form with in the web server root (like /var/www/mydocs) I can access them in read-write mode. However, when I move sabre’s root directory to be like /mnt/mydocs I can only access them in read only mode. I do not think it is file permissions because I set them up the same both places and gave apache full access to both. I think it might be apache directory access directives but I have not found any combination that works. The last thing I tried in the apache config file was something like this.
<Directory “/mnt/mydocs”>
Options +FollowSymlinks
AllowOverride All
Require all granted
</Directory>
Any ideas? Thanks for your help.
Well, I have a website in apache directory: /var/www/html. Previously I had all my web images in /var/www/html/media, so I used to put /media/imgX.jpgfor loading them. but now I need to put them in /mnt/imgs.
For some reason, using this path does not work the same way as before.
I think it has something to do with permissions using files from outside apache directory but I am not sure about it. Any idea?
The easiest way to add directories to Apache httpd is to use the "alias" module:
Alias /images "/mnt/imgs"
<Directory "/mnt/imgs>
Options Indexes
AllowOverride All
Require all granted
</Directory>
Once you have set up this, test it with: "yourdomain.com/images".
Of course:
The directory "/mnt/imgs" need the appropriate rights, so Apache Httpd can access it. Therefore you need to find out the group it runs with.
These files will be available to the public, if you dont secure them.
Once this is functional, remove the "indexes" line from the snippet above.
I'm using Joomla 2.5 and Apache and I have followed this steps:
1- mod_rewrite module is eneabled? YES
2- htaccess.txt renamed to .htaccess
3- set "Use URL Rewriting" to YES.
And this is what I get:
Not Found
The requested URL /about-us was not found on this server.
The web is located in /var/www/
The .htaccess is located in /var/www/
And this is my .htaccess: http://pastebin.com/dq1TYs1t
Thanks for the help.
Since you said allowoverride was set to none, your .htaccess file will be ignored. You need to set allowoverride to all the other option is leave allowoverride at none, and take the contents of the .htaccess file and incorporate it into your apache configuration file. This has the benefit of being slightly faster as apache doesn't need to look in directory tree for .htaccess files (they are really good to allow users that don't have access to the configs the ability to override the base settings, but if you have access to /var/www you should also have access to make changes to the config files.
There is no need to enable any mod_rewrite module.
Need to enable URL rewriting option in global configuration. Also need to rename htaccess.txt file to .htaccess.
please check there is no any third party component of security like admin tools are enable or installed which is blocking this mod rewrite option.
So far, I have:
order deny,allow
deny from all
allow from 127.0.0.1/8
This blocks the top directory (not root directory) of the folder I am trying to hide from anyone else except me, but it does not block subdirectories. I still want to have access to the directory, and all the examples I have seen use the Rewrite Engine to completely block access from subdirectories. How do I block the subdirectories as well? This is the opposite of the first suggested question:
How do I make .htaccess work on the current directory and not subdirectories?
Your quoted config works as you need.
If it does block only the current directory but you're able to access a subdirectory of it - this is how I understand your description - it means, you changed the access rules with some further .htaccess and/or config in httpd.conf i.e. by allow from all
At first, I thought the closed beta packages I was testing were overriding my .htaccess file with their own, but they did not override any directory permissions.
At Kamil's suggestion, I looked into my httpd.conf and noticed that AllowOverride was set to None for the root directory of my web server. Setting it to All worked like a charm.
How can I get Apache to display the contents of my folder and provide links to them? Similar to http://www.kernel.org/pub/linux/?
I don't have access to the Apache configuration, so I'm looking for something in the way of .htaccess or something I can do in just my home folder.
You have to use the option Indexes in the Apache configuration.
For instance, in the .htaccess file for your directory (if you can use those, and have sufficient privileges), you could put :
Options +Indexes
This functionality is provided by mod_autoindex, which has lots of options to allow fine-tuning of the generated output, btw
To get this working, that module must be loaded, and to be able to activate the option in an .htaccess file, you will need the admin of the server to give you some privileges (with the AllowOverride directive in the Apache's main config file, if I remember correctly -- well, your admin should know that better than me anyway ^^ )