There are other questions similar to this but don't answer my problem.
This is the default httpd.conf:
<Directory "C:/wamp/www/">
Options Indexes FollowSymLinks
AllowOverride all
# onlineoffline tag - don't remove
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Directory>
and it allows only 127.0.0.1, but I want to allow also localhost and 192.168.x.x (my private ip).
Well, the other answers are: put Allow from all and uncomment in hosts file the line 127.0.0.1 localhost; but I read that is unsecure or not reccomended.
So I've tried this:
<Directory "C:/wamp/www/">
Options Indexes FollowSymLinks
AllowOverride all
# onlineoffline tag - don't remove
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from 192.168.x.x
Allow from localhost
</Directory>
It works for 192.168.x.x, but not for localhost (gets error: 403 Forbidden, You don't have permission to access / on this server.)
1) How can make it works?
2) Maybe is required to uncomment in hosts file the line 127.0.0.1 localhost ?
3) Is it really more secure than Allow from all?
Lets keep it simple, try this
<Directory "C:/wamp/www/">
Options Indexes FollowSymLinks
AllowOverride all
Order Deny,Allow
Deny from all
Allow from 127.0.0.1 ::1 localhost 192.168
</Directory>
::1 is the IPV6 equivalent of 127.0.0.1
I would use the first 3 of the quartiles 192.168.0 ( assuming your third quartile is 0 )
Update your httpd.conf to this, and you will be able to get to localhost on WAMP.
<Directory "C:/wamp/www/">
Options Indexes FollowSymLinks
AllowOverride all
# onlineoffline tag - don't remove
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from 192.168.x.x
Allow from ::1
</Directory>
If you are using
Apache 2.4
then use:
<Directory "C:/wamp/www/">
Require all denied
Require ip 127.0.0.1
<If "%{HTTP_HOST} == 'localhost'">
Require all granted
</If>
</Directory>
1) I don't know if your Directory sintax is correct as I use ubuntu server, but I always put the lines that allow individual addresses before the "Deny from all" directive. However, in the apache documentation you can see examples where the directives are in the same order as in your code
Link
I alse specify the netmask, which in the case of individual IPs should be 255.255.255.255, more fine-grained subnet restriction.
I have always seen the words deny,allow in the first directive in lowercase, but as you are using Windows maybe it is not necessary. The code that I would use is:
order deny,allow
Allow from 127.0.0.1/255.255.255.255
Allow from 192.168.x.x/255.255.255.255
Allow from localhost/255.255.255.255
Deny from all
2) Yes, as you are denying every petition except those that come from the specified IPs
Related reference
Related
Here is my current apache2.conf
<Directory /var/www/>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1 ::1
Allow from localhost
Allow from 10
Satisfy Any
But I want allow access to a one file http://my_server_ip/handl.php What I should do?
I cannot get allow and deny directives to work from an htaccess file within any directory in my web root. I am at a loss as to where I should look to configure this. I have checked the obvious (authz modules are loaded, allow overrides is set to all) Any ideas? Here are my configuration details.
I have an Apache 2.2 server running on RHEL. Within this server I have an IP based VirtualHost that is configured like where myipaddr and myserver are the actual IP address and host name respectively:
<VirtualHost myipaddr:80>
ServerName myserver
TransferLog /var/log/httpd/myserver.access
LogFormat loadbalanced
ErrorLog /var/log/httpd/myserver.error
DocumentRoot /var/www/myserver
<Directory /var/www/myserver>
Options -Indexes FollowSymLinks
AllowOverride All
</Directory>
</VirtualHost>
I have tried more complex directives but even a simple .htaccess file that should deny everything has no effect.
Order deny,allow
Deny from all
It turns out the was a configuration file in /etc/httpd/conf.d that I did not realize was getting loaded and it was trumping the denies and allows within specific directories.
<Location />
Order allow,deny
Allow from all
<LimitExcept GET POST PUT DELETE>
Deny from all
</LimitExcept>
</Location>
I have an apache2 server, serving a website from the following directory /var/www/
I'm trying restrict this website to all but 2 ip addresses
I've put the code below in the security file located on my linux
server directory:
etc/apache2/conf.d/security
<Directory /var/www/>
Order allow,deny
#Allow from IPADDRESS1
Allow from IPADRESS2
</Directory>
1) Why can I access the website from IPADDRESS1 when it's commented out?
2) Is this the section of the apache2 documentation that deals with this?
I think you need to specify to deny all other connections. I.E:
<Directory /var/www/>
Order allow,deny
#Allow from 192.168.1.4
Allow from 149.254
Deny from all
</Directory>
I setup my wamp server and can access phpMyAdmin directory on the local host.
I'm trying to access a file from my directory but it gives me error 403 Forbidden yet I've tried to change my httpd.conf to
DocumentRoot "c:/wamp/www/"
<Directory "c:/wamp/www/">
Options Indexes FollowSymLinks ExecCGI
Order allow,deny
Allow from all
AllowOverride All
</Directory>
And I've also changed my phpadmin.conf to
<Directory "c:/wamp/apps/phpmyadmin3.4.5/">
Options Indexes FollowSymLinks ExecCGI
AllowOverride all
Order Deny,Allow
Allow from 127.0.0.1
Allow from MACHINE_IP
And I still can't access some files on my server
Here is the exact message:
Forbidden
You don't have permission to access
/php_sandbox/e-commerce/4-full-mvc-framework/views/login/index.php on
this server.
In your phpadmin.conf these lines are your problem:
Allow from 127.0.0.1
Allow from MACHINE_IP
change this to
Allow from all
and it should work.
Okay now, this problem has been driving me crazy for a week! I hope we will find a solution together.
I am trying to configure my wamp server to run on a local network (be accessable from a local network). Specifically, I want to access a project saved in the /www folder from another computer using a local area connection. I am using Windows 7 for my wamp server. However, when I run "192.168.178.3:8080" from the other computer I get the following error:
Forbidden: You don't have permissions to access / on this server.
I am running wamp on port 8080 (port 80 is used by IIS);
My local IP address is 192.168.178.3
I'll try to explain the things I have done so far...
Changed the following in httpd.conf:
Listen 192.168.178.3:8080
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Allow from all
</Directory>
<Directory "c:/wamp/www/">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride All
#
# Controls who can get stuff from this server.
#
# Online --> Require all granted
# onlineoffline tag - don't remove
Order Deny,Allow
Allow from all
Allow from 127.0.0.1
Require local
</Directory>
<Directory "c:/wamp/www/project">
allow from all
</Directory>
<Directory "cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
Also, I inserted the following lines in http-vhosts.conf:
<VirtualHost 192.168.178:8080>
DocumentRoot "C:/wamp/www/project"
</VirtualHost>
I've restarted everything and put the server Online but still get the same error.
Any help or suggestion would be appreciated.
Thank you in advance!
I actually managed to solve my problem.
The port 8080 seemed to be causing problems (weird right). So I reinstalled wamp and only made the following changes in the httpd.conf (using port 8070):
Listen 192.168.178.3:8070
<Directory "cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
Also, I had to add an exception of this port in the Kaspersky firewall, as well as configuring the router to forward the port.
That solved it.