I'm using Apache in my web server which resides in a public IP. I wan to be able to limit access of this whole site to the local network except for one file.
For example:
<Directory "/var/www/mysite">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order Deny,Allow
Deny from all
Allow from 192.168.1.1/24
</Directory>
would limit access to my website only to the people in that IP range. However, the file myfile.html also resides in that directory, and I want it to be visible publicly. Maybe:
<File "/var/www/mysite/myfile.html">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</File>
So my questions are: Does the <File> tag go inside the <Directory> tag or somewhere else? Will myfile.html be visible publicly even though it resides in a Directory that is only visible to a range of IPs? Do the configurations above look right? (I'm an apache noob) Is there a better way to this (maybe the firewall)?
Your input is appreciated.
Related
I'm exposing files using Apache's httpd <Directory> as below
Alias /getfiles "/web/playbooks/tmpfiles"
<Directory "/web/playbooks/tmpfiles">
Options Indexes MultiViews
AllowOverride None
Require all granted
</Directory>
With this I'm able to access all files/folder inside /web/playbooks/tmpfiles through web browser URL like the below.
http://<server>:<port>/getfiles/<anyfile.txt>
Is it possible to refresh the above URL so I could see latest changes to files/folder inside /web/playbooks/tmpfiles periodically?
Any solution would be great.
You could try to make the client autorefresh by itself through instructions in the html itself instead of trying to do something weird which is not probably in the http spec. (I might be wrong).
For example, according to your directory entry, load module_autoindex module and then use this config:
<Directory /web/playbooks/tmpfiles>
Options Indexes MultiViews
IndexOptions FancyIndexing
IndexHeadInsert "<meta http-equiv=\"refresh\" content=\"10\">"
AllowOverride None
Require all granted
</Directory>
This way Apache httpd will add that tag in the html and the client will know it has to autorefresh the page each 10 seconds. Generally it is not recommended to set this too low, so perhaps 10 seconds and above is alright for you.
I'm running httpd on fedora server 35 and want to use it to serve files on my local network. It works fine for files stored under the /var/www/html directory directly (e.g. /var/www/html/videos/video.mp4 can be accessed with http://IP/videos/video.mp4 on any local device).
I want to serve files stored in other locations in the file system. My plan was to create symbolic links to those locations. When I do that, I run into forbidden errors when trying to access the files (e.g. A video file /files/videos/video.mp4 linked with a sym link /var/www/html/videos-link -> /files/videos/ so that I would (theoretically) access it with http://IP/videos-link/video.mp4
I can navigate to http://IP/videos-link fine (an Index of DIRECTORY page, but no files are listed), but trying to access the file (http://IP/videos-link/video.mp4) gives me 403 forbidden.
My config (/etc/httpd/conf/httpd.conf) looks like this (it's a bit messy since I've been trying to fix this myself):
<Directory />
Options FollowSymLinks Indexes
AllowOverride All
Require all granted
</Directory>
...
<Directory "/var/www">
Options +FollowSymLinks +Indexes
AllowOverride All
Require all granted
</Directory>
...
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
...
<Directory "/files/videos">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
In attempts to make it work I've made sure the sym link and all the directories have the same owner and that their all 777 so ownership/read perms shouldn't be an issue. Would greatly appreciate some help, thanks.
My issue was with SELinux. To get it working immediately I was able to set SELinux to permissive mode with
# setenforce 0
That refreshes on boot and is probably insecure, so the permanent fix (to just let httpd through) would be:
# semanage permissive -a httpd_t
More details on SELinux in Fedora can be found here: https://docs.fedoraproject.org/en-US/quick-docs/getting-started-with-selinux/
Below is a segment from the owncloud.conf file in /etc/httpd/conf.d. It is the intent to lock out all access except the 10.0 intranet and a limited set of external ip address xx.yy.0.0. However the configuration is not locking out other access. All external address are being allowed. Is there something obvious with this configuration.
<Directory /var/www/http/owncloud/>
Options Indexes FollowSymLinks MultiViews
AllowOverride none
Require all denied
Order Deny,Allow
Deny from all
Allow from 10.0.0.0/16
Allow from xx.yy.0.0/16
</Directory>
It's either being overridden in a different configuration section (like Location or LocationMatch) or your clients are coming through proxies that make them appear to match your rules.
Try this
Deny from none
How ever swap around your ip config and change it to deny
Allow from 10.0.0.0/16
Allow from xx.yy.0.0/16
Just a simple question but I can't seem to find an answer.
I want to have Wampserver hosting a site (I am aware of the security implications of home hosting, don't worry), and I want to stop people accessing the index of folders and viewing all the files. For example, I want mysite/images not to be browsable, but I'd like for the files to be accessible, for example, mysite/images/image1.jpg.
My current virtual host for said website:
<VirtualHost *:25567>
DocumentRoot "C:\Users\Tom\OFFICIAL_WEBSERVERwamp\www\25567"
<Directory "C:\Users\Tom\OFFICIAL_WEBSERVERwamp\www\25567">
AllowOverride All
Require all granted
Options Indexes FollowSymLinks
</Directory>
</VirtualHost>
I have been struggling with this problem for some time now. Let me break it down:
We have an apache2 server which hosts most of our company's websites. Each website is a separate vhost. One of this vhosts is used by our internal UI Designer to present his latest drafts and projects to both internal users and 3rd party clients. At the moment, this VHost is password protected from the Vhost configuration file using this directive:
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
Allow from all
AuthUserFile /home/secure/passwords
AuthName "Username and password required"
AuthType Basic
Require valid-user
</Directory>
What I need is to make this website available (so NO password prompt) to our internal users meaning a specific IP range. I have tried to use the Allow from 192.168.xxx.xxx option in the above instruction set. However this is not letting the internal IP through (still asking for a password). So I tried to use our company's external IP address (which you can find on any "what's my IP website"). No luck with that either.
So for my last attempt, I have created a second vhost which obviously uses a different ServerName. Also, in order not to have any conflicts in the configuration file, I have created a symlink to /var/www and called it www2. Therefore, the Directory directive in the second vhost file looks like this:
<Directory /var/www2/>
Options Indexes FollowSymLinks MultiViews
AllowOverride none
Order allow,deny
Allow from all
</Directory>
However the configuration files are clearly conflicting because with the current configuration I get password protection on both hosts. If I disable this in the first Vhost, I lose it on both.
There is no .htaccess file in any of the directories, so there is nothing there to overwrite the configuration. The apache2.conf file has nothing defined related to Auth.
I'm not sure if you require more details, but feel free to ask me anything.
I appreciate the help!
----edit----
I just want to specify that I can't say 100% that my method of doing it is the correct one. Maybe setting up 2 VHosts isn't the solution to my problem. If anyone thinks of a better way of doing it, I'm open to suggestions. Bottom line is that I need one website to be available to internal users and password protected for anyone else.
Cheers!
have you tried to solve this using Satisfy Directive of Apache?
For example:
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
Allow from all
AuthUserFile /home/secure/passwords
AuthName "Username and password required"
AuthType Basic
Require valid-user
Allow from 192.168.1
Satisfy Any
</Directory>
More information can be found here