I was trying to block access to directory but the problem is that use will get 403, The problem is that i dont want the user even know there was a folder so i want him to get 404 instead, The closest thing i found is(Link):
<Directory /web/docs>
ErrorDocument 404 default
</Directory>
But it didnt worked, If anyone know the right syntax or a way at all of doing so i will be very thankful, Thank you all and have a nice day.
In a .htaccess in your folder
order deny, allow
deny from all
But with this code, you will no longer be able to access your folder/files.
Related
I have an IP-restricted site configured to allow access only from specific URLs. The configuration is in apache2.conf as follows:
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require ip 123.45.678.90
</Directory>
I'd like to display a custom 403 page instead of the default one, so I created 403.html. However, I'm having trouble finding the right place to put it in apache2.conf.
I've tried adding "ErrorDocument 403 403.html" inside the directive, but then the webpage literally displays "403.html" -- not the page, but that actual string. That'd be fine if I just wanted to have the message IN the apache2.conf, but I'd prefer to actually have a page I can edit a little more conveniently.
I've tried placing it outside the Directory directive, but that returns the typical 403, plus the following:
Additionally, a 403 Forbidden error was encountered while trying to
use an ErrorDocument to handle the request.
I figure that makes sense, since they're not allowed in that directory anyway. So, I tried creating a new folder called /var/error and adding it there. However, that returns the same "additionally..." error above.
Where's the proper place (and how) to put this?
I been searching and couldn't find this answer, usually they all ask how to block viewing the file from outside the domain.
I have a website where I don't have access to the remove a script by hand or Javascript since it executes before I can do it, but I do have access to the folder, so I was thinking if I can add an .htaccess blocking that specific JavaScript file (not all the .js files, only one which is prototype).
Is there any code to do to that?
Thank you in advance.
Yes there is! Put this in your .htaccess file:
<Files "example.js">
Order Allow,Deny
Deny from all
</Files>
I've been trying to configure the FRAPI framework for the last three day on AWS. I have configured the admin panel without errors, but, for some reason, the API portion isn't work. I can, however, access the API homepage, which is pulling actions created in the admin panel. (See http://www.serverstars.net/)
Here's the odd thing: If I enter a non-existent action url, I get the FRAPI "ERROR_INVALID_ACTION_REQUEST" error. However, if I enter a real action url, I get a 500 error. (See http://www.serverstars.net/get/banned/36.json)
The Api virtual host config:
<VirtualHost *:80>
ServerName serverstars.net
ServerAlias www.serverstars.net
ServerAdmin admin#api.frapi
DocumentRoot /var/www/frapi/src/frapi/public
<Directory /var/www/frapi/src/frapi/public>
AllowOverride All
Order deny,allow
Allow from All
</Directory>
</VirtualHost>
The .htaccess rewrite for /var/www/frapi/src/frapi/public
RewriteEngine On
RewriteRule ^.*$ index.php [QSA,NC,L]
I suspect that the RewriteRule is causing the problem, or maybe the MySQL conn, but I doubt the SQL connection would throw a 500 error.
Your help is greatly appreciated!!
By looking at other parts of your API, mainly the default API calls that are set, we can see that the rewrite-rules are working fine.
http://www.serverstars.net/collection/foo.json
The problem is likely to reside in the model that is either selecting data from the mysql-query and puts it into the $this->data variable, or the problem resides between PHP and MySQL.
Whilst I can't give you a direct answer, I would suggest you look at the following:
Make sure all the permissions are set properly by looking at: http://frapi.github.io/installing/index.html#frapi.installing.configuring.apache
Print the results from the mysql query directly after having received it and use die() (yes, try print-and-die debugging),
In your banned collection controller, try removing the MySQL query and put a mock variable to be returned. This will confirm whether or not the rewrite rules reach your controller,
If the mock variable is returned properly after removing the SQL Query and its results, look at debugging the values returned by the SQL query and how you select relevant data from it.
If all fails, make sure you have logs on the apache side, and also look at the PHP error log. If you don't have php-error-logs enabled, add this to your php.ini:
error_log = /tmp/php_error_log
Now, this doesn't directly answer your question but hopefully it'll help you reach the answer you are looking for :-)
The setup
root/
.htaccess :
Deny from All
RewriteEngine On
RewriteRule secret.txt /root/public/welcome.txt
secret.txt
public/
.htaccess :
Allow from All
welcome.txt
The problem
A request to /root/secret.txt results in a 403 (Forbidden) response that tells me I have no access to /root/secret.txt. (A direct request to /root/public/welcome.txt is permitted.)
Thus, it seems to me that the RewriteEngine does nothing to a request that would be denied by a Deny from All directive.
The question
It would be nice if someone knows a way to get the expected /root/public/welcome.txt served. However, it would be nicer if someone could help me reach my eventual goal.
The goal
I decided to write down my eventual goal, because maybe I'm just looking in the wrong direction.
I would like to Deny from All in the root, and have subdirectories decide when to override that with an Allow. Then I would also like Apache to rewrite all requests that would result in a 403 or 404 to a single specific file. As of yet, I'm planning to do this with a !-U flag, but I can't get past my initial problem.
Yo may try this in the .htaccess file at root directory:
Deny from All
ErrorDocument 404 /Error403_404.php
ErrorDocument 403 /Error403_404.php
"Error403_404.php" is an example. Replace with the 403 and 404 error handler script.
I want to restrict an entire site in such a way that just two IPs could enter the site. I have the following in my .htaccess (at the root of site):
ErrorDocument 403 http://www.example.com/views/error403.html
Order Deny,Allow
Deny from all
Allow from 311.311.311 322.322.322.322
ErrorDocument 404 /views/error404.html
ErrorDocument 500 views/error500.html
(Obviously, these are fake IPs, in my .htaccess they are the right IPs)
As you can see, I allow just 322.322.322.322 and all IPs from 311.311.311.0/24, and deny for the rest of people. What I want is that when anybody enter the site from another IP, he'll view the error403.html page.
The filter is working fine, but not the redirection. When I try to enter the site from a deny IP, I see an Apache message:
Found
The document has moved here
Where "here" is a link to error403.html.
I think I'm restricting even the error403.html page.
How can I do this restriction, but allowing the view of the error page? Should I move error403.html page to another directory (i.e., /views/error/ ) and put other .htaccess in it, allowing in that file all the IPs?
Thank you in advance!
Yes, you have answered your own question. :) Move all non-protected pages into another directory with its own .htaccess containing the proper Allow and Deny.