Allow access to a hidden directory (.) in Apache - apache

I need to put something in a directory on my web server that starts with ., i.e. the path would be my.domain/.something/somefile.
However, it seems that my Apache configuration blocks all access to hidden directories.
How do I change the config so that access to this one particular directory is allowed?

The default configuration from the apache.org distribution has no problem serving files from a .something subdirectory of the document root. You'd have to search your own logs and configuration for a problem.

Related

Apache URI path recognition / mapping?

I have a website for all intents and purposes is called.
www.foobar.com
Which in my server path is /var/www/
I tried to create a new folder in /var/ called "analytics", with the hope that if I typed www.foobar.com/analytics I could access that folder.
However that does not work because it is actually looking for /var/www/analytics instead of /var/analytics
So how can I have multiple directories mapped to a URI?
For phpmyadmin I can access www.foobar.com/phpmyadmin with the phpadmin folder is in a completely different directory. So it must be possible.
However I tried googling but could not find any answers so I guess I do not have the right description of what this functionality is on Apache webservers.
Any help would be appreciated.
You have to create virtual directories in Apache.
If you are using Apache2, then can you go to the directories
/etc/apache2/sites-available and /etc/apache2/sites-enabled.
You have probably only the default virtual directory enabled.
You can make a copy of a virtual directory in the map /sites-available.
A virtual directory starts with specifying what the root directory is.
Then can you use the commands a2ensite and a2dissite in order to enable or disable the virtual directories respectively.
After a change in enabled/disabled virtual directories do you need to restart/reload the apache server.
If you use .htaccess file, do not forget to set AllowAccess (in the tag Directory) to at least FileInfo or .htaccess will be ignored.
If you want to make those directories different hosts, then can you make aliases in /etc/hosts.
On my home computer have I aliases for the ip addresses 27.0.0.1 and 27.0.1.1.
That gives me the possibility to have two different sites at the same time.

How disable direct call files on web dirrectory?

My server was built on Apache and Nginx.
There are some directories with js scripts Node on root directory web site.
Via url address i can call direct file such like: domen.com/node/notific.js
How as it can be blocked?
I saw apache tutorial and found that it possible set in apache2.conf, to specify here in the Servername part param index-options, but it acts only on the prohibition directories.
And what you advice check me for more security my directories?
Thanks

Need of vhost for zend application

If running any zend application it is recommended to ceate the vhost.
Why is it so?
Although the public part form the url can be removed by copying the index.php and .htaccess file to root of project directory.
Well... yes, technically can just copy index.php and .htaccess to the root of the project directory. However, by doing that you will expose all of your application files to the public.
For example, someone could try to access your config file like this: http://yourhost/yourproject/application/configs/config.ini
This will actually display the content of the config file (which might include sensitive data like your database configuration) unless you explicitly configure something in your .htaccess to prevent this.
When using a vhost with the DocumentRoot set to the public dir, that means that no file outside the public directory will be accessible from an URL. And since you should normally only have the index.php file in there, you ensure that your application is always accessed from that starting point.

Unable to find httpd.conf

I'm running tomcat and I want to change the default webroot so that it points to another location. Is there a way to find out what's running tomcat or where the default webroot is set as I can't find httpd.conf which is where I believe it's usually set?
Cheers,
Alexei Blue.
**UPDATE:**
It's been a long time since I looked at this question that I forgot about it. In the end it turned out that we were using Apache HTTPD to accept requests from port 80. From there we had the webroot and ProxyPass rules set in the /etc/httpd/conf/virtual-hosts/default.conf file (these can also be set in /etc/httpd/conf/httpd.conf). From there we had several tomcat instances running, all hosted on different ports which are setup in apache-tomcat-x/conf/server.xml.
When I wrote this question I was trying to setup a new tomcat instance to run an application in development and was told I would need to change the webroot to access my application, which was incorrect. Instead what I needed was to include a ProxyPass rule so that when my application name was recognised in the URL, HTTPD would send the request to the correct tomcat instance to be processed.
E.g.
www.domain.com/myApplication
In /etc/httpd/conf/virtual-hosts/default.conf
ProxyPass /myApplication/ ajp://127.0.0.1:<ajp_port>/myApplication/
ProxyPassReverse /myApplication/ ajp://127.0.0.1:<ajp_port>/myApplication/
Where the ajp_port is setup in apache-tomcat-x/conf/server.xml. I needed to ensure that non of the ports conflicted with other tomcat instances so remember to check all ports i.e. Shutdown, HTTP, HTTP with SSL, AJP etc.
Tomcat doesn't use httpd.conf, that is an apache file. The location of the individual webapps are kept in their individual web.xml files, but the location of all the configs are in ../tomcat6/conf/server.xml and web.xml
Is it where the files come from you want to move, or where it compiles and executes them from?
As #Woody says, Tomcat does not use httpd.conf files: that's an Apache httpd thing (httpd is a web server, Tomcat is a Java application server).
You didn't mention what OS you are using or what package management software you are using (e.g. yum, apt, etc.) so I'll give you generic information as if you had downloaded and installed Tomcat directly from apache.org (which I usually recommend people do for a number of reasons).
Tomcat keeps its server-wide configuration in the conf/server.xml file in the Tomcat base installation directory (often called $CATALINA_BASE for convenience): here, you configure things like what types of connectors (e.g. HTTP, HTTPS, AJP, etc.) to use and which ports they should listen to, clustering configuration, session persistence, global JNDI and realm resources. There are also conf/web.xml and conf/context.xml files that define defaults for all webapps deployed on that instance of Tomcat, but it's best to leave those files alone unless you have a really good reason to modify them.
When you want to deploy a webapp (under the default configuration), all you need to do is drop a .WAR file into the $CATALINA_BASE/webapps/ directory and the webapp will be deployed into a "context path" (aka URL prefix) that matches the name of the file minus the ".WAR" suffix. So, if you have a WAR file called mygreatwebapp.war, then it will be deployed such that your clients can reach it at http://yourhost/mygreatwebapp/. There is a special name you can give a WAR file so that it has an empty context path: if you name your WAR file ROOT.war (case matters), then your webapp can be reached at http://yourhost/. (If you would rather use exploded-WAR directories instead of WAR files, everything above still applies except the directories simply don't have the .war extension).
Given your original question, it sounds like all you want to do is drop a ROOT.war file into $CATALINA_BASE/webapps (or replace the one that is already there): this will deploy whatever webapp you want into the URL space that you might call the "default webroot".
Update
If you want to change the directory where all the webapps live for a host, you can modify $CATALINA_BASE/conf/server.xml and change the <Host>'s appBase attribute to point to, say, /cfusion/main/www/. That will deploy all the WAR files and directories in /cfusion/main/www/ as separate webapps.
If you just want to serve a single webapp from an arbitrary location, you may create a deployment file under $CATALINA_BASE/conf/[EngineName]/[HostName]/[appname].xml. This is a standard file like META-INF/context.xml and contains a <Context> element except that you will have to specify a docBase which points to your webapp (e.g. /cfusion/main/www/mywebapp).

htaccess vs password protected directories

I have to add a password protected zone to a site I am working on (using the .htpasswd file). The thing is the whole directory structure it's being pointed at doesn't exist and is created through mod_rewrite.
Will it still work, or does the directory actually have to physically exist on the server?
Clarification:
While I may need to password protect the directory:
http://sitename/category/protected/
mod_rewrite translates this to:
index.php?category=category&directory=protected
So the actual directory does not exist. Is it still protectable?
You can add the access rules to the apache config file (httpd.conf or similar) in a Directory or Location tag instead of adding it in the .htaccess file.
Your rewrite rules will ultimately point to some files in a directory on your system (unless they redirect users to some external location). The authentication setup should be on the underlying directory that will be accessed.