Cant disable Indexes in Apache HTTP - apache

I am trying to set up an virtual Host with Apache HTTP Server,everythings works fine except that i cant disable Indexes in my httpd.conf file.
What i have :
In my httpd.conf
<Directory />
Options FollowSymLinks Includes ExecCGI
Require all granted
</Directory>
In my httpd.vhosts.conf
<Directory ****>
Options -Indexes FollowSymLinks Includes ExecCGI
Require all granted
</Directory>
I thought -Indexes would remove the "index-of" and would instead show my html-file.
Hope someone can help me out with this...

From the Apache documentation:
Note Mixing Options with a + or - with those without is not valid
syntax and will be rejected during server startup by the syntax check
with an abort.
So in other words you cannot have:
Options -Indexes FollowSymLinks Includes ExecCGI
But must instead have this syntax to alter the existing Options settings:
Options -Indexes +FollowSymLinks +Includes +ExecCGI
Or this syntax to just overwrite the existing Options settings:
Options FollowSymLinks Includes ExecCGI
However I'm confused why you think you need "-Index" as you have not specified that in you main httpd.conf, so it should not be generating the index pages anyway in your vhost sub location?

Related

Can FallbackResource support wildcards?

Here is my Directory configuration:
<Directory /var/www/html/sub-dir/*>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
FallbackResource /sub-dir/*/index.php
</Directory>
However, this directive does not seem to work.
Is there a method to accomplish this? Or would it be best to Fallback to a PHP routing script?
Thanks in advance for the help.
Edit:
I have found the <DirectoryMatch> tag and have decided it is probably what I was looking for. However, the syntax evades me. Here is what I have currently:
<DirectoryMatch "^/var/www/html/sub-dir/(?<chindex>[0-9])">
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
FallbackResource /subdir/%{env:MATCH_CHINDEX}/index.php
</DirectoryMatch>
My DocumentRoot is /var/www/html
I have two directories:
/var/www/html/sub-dir/0/
/var/www/html/sub-dir/1/
I want this rule to apply to both directories, but using the index.php contained within the respective directories (at /0/index.php and /1/index.php, respectively).
The server currently errs for 400 Bad Request when typing https://domain.tld/sub-dir/0/Extraneous-Text-That-Should-Trigger-FallbackResource
Which part of my syntax is incorrect?
Assuming that /var/www/html is your DocumentRoot, use:
<Directory /var/www/html/sub-dir/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
FallbackResource /sub-dir/index.php
</Directory>
The fallback page /sub-dir/index.php would be used for non-existing paths below /sub-dir/
like /sub-dir/foo.php or /sub-dir/foo/bar.php and you can access the original URL via the PHP $_SERVER['REQUEST_URI'] variable.
For a different fallpage page under a sub-directory of /var/www/html/sub-dir/ like /var/www/html/sub-dir/sub-dir2 you would need another FallbackResource, e.g:
<Directory /var/www/html/sub-dir/sub-dir2/>
FallbackResource /sub-dir/sub-dir2/index.php
</Directory>
or implement a routing/include mechanism in /sub-dir/index.php.

How to allow Apache to serve files outside of the document root folder?

everybody. TIA for your help.
All of my projects are located in /var/www/html and my apache.conf points to it with the following directive:
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
By mistake I created another project in ~/Development/My_Project.
And I tried to get apache to serve the files using the following directive (right after the one above):
<Directory /Development/My_Project/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
But it does not work. I get:
Forbidden
You don't have permission to access / on this server.
I appreciate any help.
Thanks

Ubuntu 14.04 Apache 2.4.7 404 Not Found

I've been reading the forums and trying to replicate their fixes, but I must be missing something on my end since it will switch from a simple 404 Error Not Found to a 403 Forbidden Error (even after chown and chmod changes).
Currently, I am experiencing the 403 error code even after a sudo apache2ctl restart
Here is what I've done so far.
- gedit apache2.conf with the following
<Directory /path/to/directory/>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all denied
</Directory>
gedit sites-available/000-default.conf && sites-enabled/000-default.conf
DocumentRoot /path/to/directory
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /path/to/directory>
Options Indexes FollowSymLinks MultiViews
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
Options Indexes FollowSymLinks MultiViews
Order allow,deny
Allow from all
</Directory>
Any help is much appreciated.
First note that you have now Apache 2.4, not Apache 2.2. The style to declare permissions has changed with Apache 2.4 and you should consistently use the new ones (like require all granted).
Apache has become more strict in what files it allows to be served. Essentially, arrange the files to be served outside in your Document Root and below, and keep all other files out of this tree. Don't link to files outside the Document Root tree.
Some point of your config:
<Directory />
This is the root directory of your file system. If you declare anything for it, it should be require all denied and nothing else. Note that there is a difference between a <Directory /absolute/path/to/some/directory> directive and a <location /relative/path/to some/location/on/your/server> directive.
Configure your server in terms of <location>

.htaccess not workingn on Ubuntu

I have tried several things now but my .htaccess file still seems to be having no affect on the website.
in apache2/apache2.conf I have changed AllowOverride to ALL
I have copied the following into my default file in sites-available
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
I have also added the following into my sites conf file in sites-enabled...
<Directory /var/www/html/mysite>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
But still nothing!
I have also checked phpinfo() for the server and mod_rewrite is appearing in the loaded modules
I have also made sure to restart apache.

404 Error on Certain Pages Using SSL

I'm trying to enable ssl on my wordpress site and am running into a bit of difficulty. I've enabled ssl admin through the wordpress ssl plugin (well reviewed) and also required ssl for a couple other pages. The administration panel works well with https as does the homepage and a couple other pages. However on many of them, namely pages that I've dynamically generated with a php plugin that I wrote, I get a 404 error:
Not Found
The requested URL /create/5 was not found on this server.
Apache/2.2.22 (Ubuntu) Server at upsmart.com Port 443
Approaches that havent worked so far include:
I've enabled mod-rewrite on the server, I've tried changing the site url in the dashboard to explicitly be https:// and I've scanned the php for hard-coded instances of http://
Really scratching my head on this one so any ideas would be appreciated.
For reference I'm using Apache on Ubuntu 12.04.
Update!
I checked my Apache error log and came out with the following message:
File does not exist: /home/user/www/create
My reaction upon seeing that is "Well of course it doesn't. If I'm trying to get it to get it to http://example.com/create/ why would it be reading that as ~/www/create?
Please allow me to blush a little; the update I gave to the question above allowed me to take a guess at the issue but I'll put it down in case anyone else runs into the problem.
I found that I had only half-configured the file /etc/apache2/sites-enabled/default-ssl.
The file began as follows:
ServerAdmin webmaster#localhost
DocumentRoot /home/sam/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /home/sam/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride none
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
The issue was that the second AllowOverride needed to be changed from none to all. So that it would look like this.
ServerAdmin webmaster#localhost
DocumentRoot /home/sam/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /home/sam/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride none
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
Mind you: This must be configured for ssl even if you have configured this for other sites-enabled like 000-default.
There's no difference between the configurations.