Deny all configuration files except one in Apache - apache

I have the following block in my .htaccess to deny download of configuration files
# Disables download of configuration
<Files ~ "\.(tpl|yml|ini)$">
# Deny all requests from Apache 2.4+.
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
# Deny all requests from Apache 2.0-2.2.
<IfModule !mod_authz_core.c>
Deny from all
</IfModule>
</Files>
But how can I allow all files which are named swagger.yml?

You should be able to do this
<Files ~ "\.(tpl|yml|ini)$">
# Deny all requests from Apache 2.4+.
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
# Deny all requests from Apache 2.0-2.2.
<IfModule !mod_authz_core.c>
Deny from all
</IfModule>
</Files>
<FilesMatch "swagger\.yml$">
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
Allow from all
</IfModule>
</FilesMatch>
Also you should remove the directives for the version you are not using. If you are using 2.4 then you don't need 2.2 directives there. However I left it since that's how you have it.

Related

phpmyadmin login only local area network

I have a question about logining at phpmyadmin.
I would like to show phpmyadmin log in page ONLY local area network
connection PCs and cellphone.
Here is my info.
CentOS 7.2
phpmyadmin 4.4.15.8
Apache 2.4.6
PHP 7.0.13
MariaDB 10.1.19
my server's pravate ip adress is 192.168.0.12
my routor is 192.168.0.1
Here is my current code (which all PC and device can see phpadmin login page.)
/etc/httpd/conf.d/phpMyAdmin.conf
<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require all granted
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
<Directory /usr/share/phpMyAdmin/setup/>
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require ip 127.0.0.1
Require ip ::1
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
# These directories do not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /usr/share/phpMyAdmin/libraries/>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
<Directory /usr/share/phpMyAdmin/setup/lib/>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
<Directory /usr/share/phpMyAdmin/setup/frames/>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
Change the lines of Apache 2.4 and phpMyAdmin directory by your area network :
<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require local
Require ip 192.168.1 #HERE put your network address
</RequireAny>
</IfModule>
</Directory>
Or to be even more specific
Require local
Require ip 192.168.1.100
Require ip 192.168.1.101

You don't have permission to access /phpmyadmin on this server.Ec2 after installing and configuring the files

Hi everyone i am getting this error now is more than 7 hours but i still have know luck "You don't have permission to access /phpmyadmin on this server".
I followed the instructions and examples on the internet but i still get the same error.here is my how my file path "etc/httpd/conf.d/phpMyAdmin"
<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
#Require ip 127.0.0.1
#Require ip ::1
Require ip 52.28.232.215
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
# Order Allow,Deny
Deny from All
Allow from All
# Allow from 127.0.0.1
#Allow from ::1
Allow from 52.28.232.215
</IfModule>
</Directory>
<Directory /usr/share/phpMyAdmin/setup/>
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
# Require ip 127.0.0.1
Require ip 52.28.232.215
# Require ip ::1
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
# Order Allow,Deny
#Deny from All
#Allow from 127.0.0.1
# Allow from ::1
Allow from 52.28.232.215
Allow from All
</IfModule>
</Directory>
I finally fixed this issue
added
Required all granted
on the first
# Apache 2.4
I was not aware that my apache is 2.4+
Thanks

DirectoryMatch not working under WAMP?

I'd like to deny access to all directories which name is "d" or "src".
What I tried is to use the <DirectoryMatch> directive into my .htaccess:
ErrorDocument 403 /main.php?_rewrite_=1&_escaped_fragment_=/err/403
ErrorDocument 404 /main.php?_rewrite_=1&_escaped_fragment_=/err/404
#banned access
<DirectoryMatch "(d|src)">
Order Allow,Deny
Deny from all
</DirectoryMatch>
<FilesMatch "\.(old\.php|directory\.php|rewrite\.php|htaccess|htpasswd|ini|log)$">
Order Allow,Deny
Deny from all
</FilesMatch>
DirectoryIndex main.php
Options -Indexes
But adding the <DirectoryMatch> rule, Apache is giving me a 500 Internal Error, and the same happens for the <Directory> rule.
I'm using a Apache/2.4.9 (Win64) PHP/5.5.12 WAMP Server.

Directory not rendering images because of cgi

My server doesn't render any images under the cgi directory, I know that this is because apache is told to run every file under that directory as a cgi program.
I would like to adjust the settings to tell apache to run all the .cgi and .pl as cgi programs but run the rest of files as they should be.
For instance, if I go to example.com/x.gif from a browser I can see the image, but if I go to example.com/cgi-bin/x.gif I can't. (being the image in both dirs, of course, and with 775)
The problem is that I don't know how to tell that to apache, this is the httpd.include
<Directory /var/www/vhosts/example.com/httpdocs>
<IfModule mod_perl.c>
<Files ~ (\.pl$)>
SetHandler perl-script
PerlHandler ModPerl::Registry
Options ExecCGI
allow from all
PerlSendHeader On
</Files> </IfModule> <IfModule mod_python.c>
<Files ~ (\.py$)>
SetHandler python-program
PythonHandler mod_python.cgihandler
</Files> </IfModule> <IfModule mod_fcgid.c>
<Files ~ (\.fcgi)>
SetHandler fcgid-script
Options +FollowSymLinks +ExecCGI
</Files> </IfModule> <IfModule mod_fcgid.c>
<Files ~ (\.php)>
SetHandler fcgid-script
FCGIWrapper /var/www/cgi-bin/cgi_wrapper/cgi_wrapper .php
Options +ExecCGI
allow from all
</Files> </IfModule>
SSLRequireSSL
Options -Includes +ExecCGI
</Directory>
I found a solution.
As I said, apache is told to run every file under that directory as a cgi program. So are needed new rules to tell apache to use a default handler for those filetypes different from .php , .pl or .cgi:
<Directory /var/www/vhosts/example.com/httpdocs/cgi-bin>
<FilesMatch "^(?!.*\.(cgi|php|pl)$).*$">
SetHandler default-handler
</FilesMatch>
</Directory>
If you can't access the httpd.conf for any reason you still can do the trick with .htaccess adding this three lines to the .htaccess file of the cgi-bin folder:
<FilesMatch "^(?!.*\.(cgi|php|pl)$).*$">
SetHandler default-handler
</FilesMatch>

XAMPP: Connecting to localhost fix? [Persistent]

I just installed XAMPP Windows 1.8.2 in my computer. Port 80 is secured and in use by Apache there are no problems nor any port conflicts. I always open Xampp and start both Apache and MySQL Modules in the control panel. Both modules are running, Whenever I click on the Apache admin button it redirects me to the localhost page, It takes a while to load and then this error shows up.
If it's too small for you guys the error says: Network Error (tcp_error)
A communication error occurred: "Connection refused"
The Web Server may be down, too busy, or experiencing other problems preventing it from responding to requests. You may wish to try again at a later time.
For assistance, contact your network support team.
Another error shows up if i try with 127.0.0.1:
The localhost changes to 130.147.134.66 NOTE: I use a proxy network and the IP address is 130.147.134.251.
I have tried changing and updating the hosts file in the C:\Windows\System32\Drivers\Etc\hosts. but the problem still persists.
Keep that in mind I am new to using Xampp, and its been only a week since I started using phpMyAdmin and MySQL
My httpd-xampp.conf file:
#
# XAMPP settings
#
<IfModule env_module>
SetEnv MIBDIRS "C:/xampp/php/extras/mibs"
SetEnv MYSQL_HOME "\\xampp\\mysql\\bin"
SetEnv OPENSSL_CONF "C:/xampp/apache/bin/openssl.cnf"
SetEnv PHP_PEAR_SYSCONF_DIR "\\xampp\\php"
SetEnv PHPRC "\\xampp\\php"
SetEnv TMP "\\xampp\\tmp"
</IfModule>
#
# PHP-Module setup
#
LoadFile "C:/xampp/php/php5ts.dll"
LoadModule php5_module "C:/xampp/php/php5apache2_4.dll"
<FilesMatch "\.php$">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
SetHandler application/x-httpd-php-source
</FilesMatch>
#
# PHP-CGI setup
#
#<FilesMatch "\.php$">
# SetHandler application/x-httpd-php-cgi
#</FilesMatch>
#<IfModule actions_module>
# Action application/x-httpd-php-cgi "/php-cgi/php-cgi.exe"
#</IfModule>
<IfModule php5_module>
PHPINIDir "C:/xampp/php"
</IfModule>
<IfModule mime_module>
AddType text/html .php .phps
</IfModule>
ScriptAlias /php-cgi/ "C:/xampp/php/"
<Directory "C:/xampp/php">
AllowOverride None
Options None
Require all denied
<Files "php-cgi.exe">
Require all granted
</Files>
</Directory>
<Directory "C:/xampp/cgi-bin">
<FilesMatch "\.php$">
SetHandler cgi-script
</FilesMatch>
<FilesMatch "\.phps$">
SetHandler None
</FilesMatch>
</Directory>
<Directory "C:/xampp/htdocs/xampp">
<IfModule php5_module>
<Files "status.php">
php_admin_flag safe_mode off
</Files>
</IfModule>
AllowOverride AuthConfig
</Directory>
<IfModule alias_module>
Alias /security "C:/xampp/security/htdocs/"
<Directory "C:/xampp/security/htdocs">
<IfModule php5_module>
<Files "xamppsecurity.php">
php_admin_flag safe_mode off
</Files>
</IfModule>
Order deny,allow
Deny from all
Allow from localhost
</Directory>
Alias /licenses "C:/xampp/licenses/"
<Directory "C:/xampp/licenses">
Options +Indexes
<IfModule autoindex_color_module>
DirectoryIndexTextColor "#000000"
DirectoryIndexBGColor "#f8e8a0"
DirectoryIndexLinkColor "#bb3902"
DirectoryIndexVLinkColor "#bb3902"
DirectoryIndexALinkColor "#bb3902"
</IfModule>
Require all granted
</Directory>
Alias /phpmyadmin "C:/xampp/phpMyAdmin/"
<Directory "C:/xampp/phpMyAdmin">
AllowOverride AuthConfig
Order allow,deny
Allow from all
Require all granted
</Directory>
Alias /webalizer "C:/xampp/webalizer/"
<Directory "C:/xampp/webalizer">
<IfModule php5_module>
<Files "webalizer.php">
php_admin_flag safe_mode off
</Files>
</IfModule>
AllowOverride AuthConfig
Require all granted
</Directory>
</IfModule>
#
# New XAMPP security concept
#
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
Order deny,allow
Deny from all
Allow from ::1 127.0.0.0/8 \
fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
fe80::/10 169.254.0.0/16
ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>
It's already giving you the answer.
Look at your second picture.
This setting can be configured in the file "httpd-xampp.conf"
How to "fix" this:
either: disable your proxy for local addresses
or:
1) open the file "\xampp\apache\conf\extra\httpd-xampp.conf" in a texteditor
2) replace "Allow from localhost" with "Allow from YOURLOCALIP" (2 times)
3) save the file
4) restart Apache
See http://www.apachefriends.org/f/viewtopic.php?t=32503#p131519 too
Edit:
It's in line 120-128:
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
Order deny,allow
Deny from all
Allow from ::1 127.0.0.0/8 \
fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
fe80::/10 169.254.0.0/16 \
YOURLOCALIP <--------------------------------------------------------------
ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>
Your security configuration for XAMPP is specified in the LocationMatch as chill0r mentioned, on lines 120-128.
Your configuration is allowing from ::1 127.0.0.0/8 \, fc00::/7 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, and fe80::/10 169.254.0.0/16 which will never be matched since you're using a proxy AND it's denying everything. This is where the Order statement comes in. It tells your configuration to match against deny first then allow, so it will always deny since you have Deny all.
You need to change your configuration so that it doesn't deny everything and allows at least your own IP. Since it sounds like your running a local dev environment and not exposing it, you can consider removing all restrictions:
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
Allow from all
ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>
If you do this, configure your firewall prevent port 80 access from outside your network (this can be done on your machine or router). Alternatively, you can configure it to work for an IP range using a partial IP that includes your proxy:
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
Order allow,deny
Deny from all
Allow from 130.147.134
ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>
Notice that the Order changed from deny,allow to allow,deny so it will check against the allow statement first.
I also noticed that the two requests were for different paths, the first one is "/" and the second is "/xampp/" and the latter is the one that wasn't refused.
In your IfModule alias_module you should add an alias:
Alias "/" "C:/xampp/htdocs/xampp"
This will help you get off the ground, but you'll need to make sure to learn about the directives, specifically Alias and AliasMatch as your routing gets more complicated. Alternatively, you could just develop in the C:/xampp/htdocs/ directory instead of C:/xampp/htdocs/xampp.
Before starting the XAMPP server make sure that other running services are closed like Skype and other servers which is using the same port number.
I had the same problem, the solution is easier than other answers.
1) Install XAMPP in your pc, in this case, Windows 8.
2) Start > Administrative Tools > Services > Web Deployment Agent service and press STOP.
Usually Web Deployment uses port 80 which is the port used by XAMPP by default. If you stop that process and write localhost in your web browser you should be able to access phpmyadmin.
Hope it helps :)
Follow the below Steps
In XAMPP on the Apache Module ,Select Config button httpd.conf
Comment "Deny from all" in the following section,
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
Order deny,allow
#Deny from all
Allow from ::1 127.0.0.0/8 \
fc00::/7 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
fe80::/10 169.254.0.0/16
ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>
Restart the XAMPP (Important Step)