Restrict access to all folders but one to local ips using .htaccess - apache

I just set up a web server and I'm having some trouble configuring my .htaccess to apply the restrictions I want.
Basically, I want everything on /var/www to be restricted to local ips but one folder, that should be publicly accessed. This is what I currently have in my .htaccess (located at /var/www/.htaccess) and it seems to be doing the opposite or something:
# Deny access to all directories but 'pepephone'
<Directory /var/www>
Order deny,allow
deny from all
allow from 192.168.0.
<Directory /var/www/pepephone>
Order allow,deny
allow from all
</Directory>
</Directory>
What do I need to change to achieve the result I want? Thanks in advance.

From: http://httpd.apache.org/docs/2.4/en/mod/core.html#directory
<Directory> directives cannot nest, and cannot appear in a <Limit> or
<LimitExcept> section.
You should use:
# Deny access to all directories but 'pepephone'
<Directory /var/www>
Order deny,allow
deny from all
allow from 192.168.0.
</Directory>
<Directory /var/www/pepephone>
Order allow,deny
allow from all
</Directory>

Found the answer.
First, as @nlu posted, you can't nest Directory tags. And second, the Directory tag is not allowed in .htaccess files, so I had to do it directly in the Apache .conf files.
So this is what it ended up looking like (both files are in the /etc/apache2/sites-enabled/ folder, included by apache2.conf). Note that these directives are each inside a <VirtualHost> tag:
000-default.conf
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride Limit
Order deny,allow
deny from all
allow from 192.168.0.
</Directory>
pepephone.conf
<Directory /var/www/pepephone/>
Options Indexes FollowSymLinks MultiViews
Order allow,deny
allow from all
</Directory>

Related

Can FallbackResource support wildcards?

Here is my Directory configuration:
<Directory /var/www/html/sub-dir/*>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
FallbackResource /sub-dir/*/index.php
</Directory>
However, this directive does not seem to work.
Is there a method to accomplish this? Or would it be best to Fallback to a PHP routing script?
Thanks in advance for the help.
Edit:
I have found the <DirectoryMatch> tag and have decided it is probably what I was looking for. However, the syntax evades me. Here is what I have currently:
<DirectoryMatch "^/var/www/html/sub-dir/(?<chindex>[0-9])">
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
FallbackResource /subdir/%{env:MATCH_CHINDEX}/index.php
</DirectoryMatch>
My DocumentRoot is /var/www/html
I have two directories:
/var/www/html/sub-dir/0/
/var/www/html/sub-dir/1/
I want this rule to apply to both directories, but using the index.php contained within the respective directories (at /0/index.php and /1/index.php, respectively).
The server currently errs for 400 Bad Request when typing https://domain.tld/sub-dir/0/Extraneous-Text-That-Should-Trigger-FallbackResource
Which part of my syntax is incorrect?
Assuming that /var/www/html is your DocumentRoot, use:
<Directory /var/www/html/sub-dir/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
FallbackResource /sub-dir/index.php
</Directory>
The fallback page /sub-dir/index.php would be used for non-existing paths below /sub-dir/
like /sub-dir/foo.php or /sub-dir/foo/bar.php and you can access the original URL via the PHP $_SERVER['REQUEST_URI'] variable.
For a different fallback page under a sub-directory of /var/www/html/sub-dir/ like /var/www/html/sub-dir/sub-dir2 you would need another FallbackResource, e.g.:
<Directory /var/www/html/sub-dir/sub-dir2/>
FallbackResource /sub-dir/sub-dir2/index.php
</Directory>
or implement a routing/include mechanism in /sub-dir/index.php.

Apache virtual host permissions not working

I need some help here: my virtual hosts' permissions appear not to be working.
For example, site1.com and site2.com can access each other's files and even create files! I have tried to prevent this by having this in the apache2.conf file.
<Directory />
Options FollowSymLinks
Order deny,allow
Deny from all
</Directory>
And then in the virtual host file for site1 I have this
<Directory /var/www/site1.com/public_html>
Options indexes, FollowSymLinks
Order Allow,Deny
Allow from all
</Directory>
And for the virtual host file in site2 I have this
<Directory /var/www/site2.com/public_html>
Options indexes, FollowSymLinks
Order Allow,Deny
Allow from all
</Directory>
Can anyone help me with this please, as it's a big security issue?
What have I done wrong?
Thanks,
Dan
An Apache configuration doesn't have anything to do with who/what can create files in the filesystem, it only determines what this particular program (httpd) is willing to serve.

What could cause deny,allow directive to be ignored in .htaccess?

I cannot get allow and deny directives to work from an .htaccess file within any directory in my web root. I am at a loss as to where I should look to configure this. I have checked the obvious (authz modules are loaded, AllowOverride is set to All). Any ideas? Here are my configuration details.
I have an Apache 2.2 server running on RHEL. Within this server I have an IP-based VirtualHost that is configured like this, where myipaddr and myserver are the actual IP address and host name respectively:
<VirtualHost myipaddr:80>
ServerName myserver
TransferLog /var/log/httpd/myserver.access
LogFormat loadbalanced
ErrorLog /var/log/httpd/myserver.error
DocumentRoot /var/www/myserver
<Directory /var/www/myserver>
Options -Indexes FollowSymLinks
AllowOverride All
</Directory>
</VirtualHost>
I have tried more complex directives but even a simple .htaccess file that should deny everything has no effect.
Order deny,allow
Deny from all
It turns out there was a configuration file in /etc/httpd/conf.d that I did not realize was getting loaded and it was trumping the denies and allows within specific directories.
<Location />
Order allow,deny
Allow from all
<LimitExcept GET POST PUT DELETE>
Deny from all
</LimitExcept>
</Location>
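The behaviour seen in this answer and in the two-<Directory> configuration from the first question, as an added example that is not code from any of the posts: a simplified Python model of how Apache 2.2 chooses the winning section and applies Order/Allow/Deny. It assumes the section merged last replaces earlier access rules wholesale, leaves out the nested <LimitExcept>, and uses constructed client addresses and request paths.

```python
# Simplified model of Apache 2.2 Order/Allow/Deny (mod_authz_host); added example.
# Assumption: the last applicable section that sets access rules replaces the
# earlier ones wholesale. Nested <LimitExcept> blocks are not modelled.

def matches(spec, ip):
    """'all' matches every client; '192.168.0.' matches on leading octets."""
    if spec.lower() == "all":
        return True
    want = spec.rstrip(".").split(".")
    return ip.split(".")[:len(want)] == want

def evaluate(rule, ip):
    """Apply one section's Order semantics to a client IP."""
    allowed = any(matches(s, ip) for s in rule.get("allow", []))
    denied = any(matches(s, ip) for s in rule.get("deny", []))
    if rule["order"] == "deny,allow":   # default allow, Allow beats Deny
        return allowed or not denied
    return allowed and not denied       # allow,deny: default deny, Deny beats Allow

def effective_rule(sections, fs_path, url_path):
    """Return the (kind, path, rule) section that is merged last for a request."""
    hits = []
    for kind, path, rule in sections:
        target = url_path if kind == "location" else fs_path
        base = path.rstrip("/")
        if target == base or target.startswith(base + "/"):
            # Merge order: <Directory> and .htaccess by path depth (.htaccess
            # after <Directory> at the same depth), then every <Location>.
            key = (kind == "location", len(base), kind == "htaccess")
            hits.append((key, (kind, path, rule)))
    return max(hits, key=lambda h: h[0])[1] if hits else None

def is_allowed(sections, fs_path, url_path, ip):
    winner = effective_rule(sections, fs_path, url_path)
    return True if winner is None else evaluate(winner[2], ip)

# Constructed inputs mirroring the configurations quoted on this page.
LAN_ONLY = [
    ("directory", "/var/www/", {"order": "deny,allow", "deny": ["all"], "allow": ["192.168.0."]}),
    ("directory", "/var/www/pepephone/", {"order": "allow,deny", "allow": ["all"]}),
]
TRUMPED = [
    ("htaccess", "/var/www/myserver", {"order": "deny,allow", "deny": ["all"]}),
    ("location", "/", {"order": "allow,deny", "allow": ["all"]}),
]

if __name__ == "__main__":
    print(is_allowed(LAN_ONLY, "/var/www/index.html", "/index.html", "203.0.113.7"))
    print(is_allowed(LAN_ONLY, "/var/www/pepephone/a.html", "/pepephone/a.html", "203.0.113.7"))
    print(is_allowed(TRUMPED, "/var/www/myserver/x.txt", "/x.txt", "203.0.113.7"))
```

Dropping the <Location> entry from TRUMPED makes the .htaccess "Deny from all" take effect again, which is the quickest way to see why a stray conf.d file can silently open a directory.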

You don't have permission to access /~iMac/ on this server. apache server

I am trying to use apache localhost
localhost works normally, but http://localhost/~iMac/ gives me the error in the title.
This is how I proceeded:
I added a Sites folder under iMac
and created the file imac.conf under /etc/apache2/users:
<Directory "/Users/imac/Sites/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Allow from all
</Directory>
I also tried AllowOverride All
I uncommented these lines in /etc/apache2/httpd.conf
LoadModule authz_host_module libexec/apache2/mod_authz_host.so
LoadModule userdir_module libexec/apache2/mod_userdir.so
Include /private/etc/apache2/extra/httpd-userdir.conf
and uncommented this line in /etc/apache2/extra/httpd-userdir.conf
Include /private/etc/apache2/users/*.conf
and then restart the server.
I tried lots of solutions from the net but still have the same issue.
I faced the same issue, but I solved it by setting the options directive either in the global directory setting in the httpd.conf or in the specific directory block in httpd-vhosts.conf:
Options Indexes FollowSymLinks Includes ExecCGI
By default, your global directory setting is (httpd.conf line ~188):
<Directory />
Options FollowSymLinks
AllowOverride All
Order deny,allow
Allow from all
</Directory>
Set the options to: Options Indexes FollowSymLinks Includes ExecCGI
Finally, it should look like:
<Directory />
#Options FollowSymLinks
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Order deny,allow
Allow from all
</Directory>
Also, you should check the folder's permissions so that the Apache process' owner has permissions to read/execute the specified path for the virtual host. On Windows this could rarely be a problem but on Linux it can be a more frequent cause of 403.
EDIT: You can look here for some solution also if you are hosting this on a Mac:
http://coolestguidesontheplanet.com/forbidden-403-you-dont-have-permission-to-access-username-on-this-server/

Why does Apache serve different directories when accessed from different machines?

I'm trying to configure Apache on OS X 10.8.2 so that the default "system" site is accessible from other machines, while the "user" site is not. In httpd.conf I have
DocumentRoot "/Library/WebServer/Documents"
<Directory />
Options -FollowSymLinks -MultiViews
AllowOverride None
Order deny,allow
Deny from all
</Directory>
<Directory "/Library/WebServer/Documents">
Options Indexes -FollowSymLinks -MultiViews
AllowOverride None
Order deny,allow
Allow from all
</Directory>
and in ME.conf I have
<Directory "/Users/ME/Sites">
Options Indexes -FollowSymLinks -MultiViews
AllowOverride None
Order deny,allow
Deny from all
Allow from localhost
</Directory>
This behaves as intended when accessed from the hosting machine: http://localhost/~ME/ maps to /Users/ME/Sites and http://localhost maps to /Library/WebServer/Documents. But when I access the hosting machine from a different machine, http://hostingmachine doesn't work, and http://hostingmachine/~ME/ maps to /Library/WebServer/Documents. What have I done to deserve that? Is there a way to do what I'm trying to do, or at least something close?