I have an apache vhost setup that I want to only have access to particular directories. So I have this in my vhost config:
<Directory /var/www/>
RewriteEngine on
RewriteBase /
Include /etc/apache2/sites-available/legacy_partners.inc
AddOutputFilterByType DEFLATE text/html
Order deny,allow
Deny from all
</Directory>
<Directory /var/www/partner*>
Order allow,deny
Allow from all
</Directory>
My problem is that I have some rewrite rules that change the directory accessed e.g. "migrated". So what I want to do is allow access to the directory only if the URL has been rewritten from an allowed directory. So rewritten from /partner to /migrated
Is this possible?
Related
In my Apache 2.4 VirtualHost configuration, I'd like to - by default - deny access to everything in the DocumentRoot that I do not enable explicitly. To that end, I have written:
DocumentRoot /var/www
<Directory "/var/www">
Require all denied
<Files "index.html">
Require all granted
</Files>
</Directory>
This enables direct access to http://myserver.example/index.html, but results in a 403 response for indirect access to http://myserver.example/.
How can I correct this behaviour?
Following the hint that I "did not explicitly allow /", resulting in it being forbidden set me on the right track to solve this.
Adding a LocationMatch directive that deals with the trailing slash exclusively results in the desired behaviour:
DocumentRoot /var/www
<Directory "/var/www/">
Require all denied
<Files "index.html">
Require all granted
</Files>
</Directory>
# Regex anchored at string beginning and end
# -> only matches "/"
<LocationMatch "^/$">
Require all granted
</LocationMatch>
Note that adding a <Files "/"> directive does not work, probably because the accessed resource is not really a file.
Neither is <Location /> the right thing, because it would be applied to the entire VirtualHost.
I'm setting up a virtual host for nagios with Apache 2.4 using mod_proxy_fcgi to forawrd php requests to php-fpm.
I wonder if it's the ProxyPassMatch that is making all of the local resources including images,js,css won't load when I go to 200.000.00:22222/nagios/index.php.
All of the resources are interpreted as Content-Type:text/html; charset=iso-8859-1 as shown in the response headers. They show 403 Forbidden error and in the error log it shows AH01630: client denied by server configuration.
/etc/httpd/conf.d/nagio.conf:
Listen 22222
<VirtualHost *:22222>
ServerName {IP}:22222
AddType image/jpeg jpeg jpg jpe
ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
DocumentRoot "/usr/local/nagios"
<Directory "/usr/local/nagios/sbin">
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
AllowOverride None
Require all granted
</Directory>
<LocationMatch "/nagios/((.*\.php)(/.*)?)$">
ProxyPassMatch "fcgi://localhost:9000/usr/local/nagios/share/$1"
</LocationMatch>
<Directory "/usr/local/nagios/share">
Options None
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
You need a <Directory /usr/local/nagios> section that permits Apache to serve from that directory. Basically, you need one of these for every Alias or DocumentRoot that isn't under an existing one.
Usually you just need "require all granted" or "order deny,allow (2.2.x and older) in the Directory section -- but check the ones for your existing DocumentRoot's
I'd like to deny access to all directories which name is "d" or "src".
What I tried is to use the <DirectoryMatch> directive into my .htaccess:
ErrorDocument 403 /main.php?_rewrite_=1&_escaped_fragment_=/err/403
ErrorDocument 404 /main.php?_rewrite_=1&_escaped_fragment_=/err/404
#banned access
<DirectoryMatch "(d|src)">
Order Allow,Deny
Deny from all
</DirectoryMatch>
<FilesMatch "\.(old\.php|directory\.php|rewrite\.php|htaccess|htpasswd|ini|log)$">
Order Allow,Deny
Deny from all
</FilesMatch>
DirectoryIndex main.php
Options -Indexes
But adding the <DirectoryMatch> rule, Apache is giving me a 500 Internal Error, and the same happens for the <Directory> rule.
I'm using a Apache/2.4.9 (Win64) PHP/5.5.12 WAMP Server.
I cannot get allow and deny directives to work from an htaccess file within any directory in my web root. I am at a loss as to where I should look to configure this. I have checked the obvious (authz modules are loaded, allow overrides is set to all) Any ideas? Here are my configuration details.
I have an Apache 2.2 server running on RHEL. Within this server I have an IP based VirtualHost that is configured like where myipaddr and myserver are the actual IP address and host name respectively:
<VirtualHost myipaddr:80>
ServerName myserver
TransferLog /var/log/httpd/myserver.access
LogFormat loadbalanced
ErrorLog /var/log/httpd/myserver.error
DocumentRoot /var/www/myserver
<Directory /var/www/myserver>
Options -Indexes FollowSymLinks
AllowOverride All
</Directory>
</VirtualHost>
I have tried more complex directives but even a simple .htaccess file that should deny everything has no effect.
Order deny,allow
Deny from all
It turns out the was a configuration file in /etc/httpd/conf.d that I did not realize was getting loaded and it was trumping the denies and allows within specific directories.
<Location />
Order allow,deny
Allow from all
<LimitExcept GET POST PUT DELETE>
Deny from all
</LimitExcept>
</Location>
Going to example.com/config or example.com/account/login returns 403 Forbidden.
In reality, /config and /account/login should be redirected to index.php but it gives 403.
My directory structure is like this:
/var/www/example
└─/assets
└─/bower_components
└─/node_modules
└─/partials
└─/templates
└─/tests
└─/vendor
└─index.php
This is my Virtual host configuration:
<VirtualHost *:80>
ServerName example.com
DocumentRoot /var/www/example
<DirectoryMatch "^/var/www/example/(?!(assets|partials))\w+">
Require all denied
</DirectoryMatch>
<Location />
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [QSA,L]
</Location>
</VirtualHost>
I want to disallow access to every folder except assets and partials, that's why I added that DirectoryMatch directive.
I use a PHP framework called Slim so I have to add Location and Rewrite directives.
I think Apache thinks my URLs are directories and blocks them. Is there a way to unblock my URLs?
Try adding:
<Directory "/var/www/example">
Order Allow,Deny
Allow From all
</Directory>
above the <DirectoryMatch> container in your vhost config.
Since you're using apache 2.4, then use require all:
<Directory "/var/www/example">
Require all granted
</Directory>
If you're using Apache 2.4 try to add in the end of your VirtualHost:
<Directory /var/www/example>
Options Indexes FollowSymLinks MultiViews
# If you want to enable overrides, you should read:
# http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride
AllowOverride All
Require all granted
Satisfy Any
Order allow,deny
Allow from all
</Directory>