I have a web application currently being served on two HTTPS ports - let's say 443 and 8443. The application has an Apache HTTP server as the front end and I am running into trouble setting up the Apache config to exclude certain paths on one of the ports. I have my config set up as below in Apache:
<Location /MyApp>
AuthType SOME_AUTH_MODULE
require user valid-user
</Location>
<Location ~ "/MyApp/(Login.html|Welcome.html)">
Satisfy Any
Allow from all
AuthType None
Require all granted
</Location>
I have my virtual hosts set up in Apache as below:
<VirtualHost _default_:443>
DocumentRoot /path/to/my/files
Servername www.example.com:443
# Other details go here
</VirtualHost>
<VirtualHost _default_:8443>
DocumentRoot /path/to/my/files
Servername www.example.com:8443
# Other details go here
</VirtualHost>
What are the expected problems with the above configuration, considering that the Location directive doesn't take host and port information? Does the Location directive use the first matching entry, or will it apply one after the other?
More details for folks who know Shibboleth
The first Location entry allows users to access the application in an SSO (Single Sign On) environment. The second entry is designed to allow users to access the same virtual host on a different port (8443) without going through SSO. What we are seeing is, the request headers are lost towards the end of the processing chain. When I remove the second Location entry all works fine.
Put the Location directive inside the vhost directive you want to secure.
<VirtualHost _default_:443>
DocumentRoot /path/to/my/files
Servername www.example.com:443
<Location /MyApp>
AuthType SOME_AUTH_MODULE
require user valid-user
</Location>
# Other details go here
</VirtualHost>
<VirtualHost _default_:8443>
DocumentRoot /path/to/my/files
Servername www.example.com:8443
# Other details go here
</VirtualHost>
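The answer's approach applied to both ports, as an added example that is not part of the original post: every Location section sits inside the vhost it governs, so nothing defined for 443 reaches 8443. SOME_AUTH_MODULE is the question's placeholder; the Apache 2.4 Require syntax and the anchored regex are assumptions of this example.

```apache
# Port 443: SSO-protected. These sections apply to this vhost only.
<VirtualHost _default_:443>
    ServerName www.example.com:443
    DocumentRoot /path/to/my/files
    # SSLEngine and certificate directives go here (omitted, as in the question)

    <Location "/MyApp">
        AuthType SOME_AUTH_MODULE
        Require valid-user
    </Location>

    # <Location>/<LocationMatch> sections are merged in the order they appear,
    # so this later section overrides the one above for the two public pages.
    # The regex is anchored and the dots escaped so that only these two URLs
    # match, not any path that merely contains "/MyApp/Login.html".
    # Apache 2.4 syntax only: the 2.2-era "Satisfy Any" / "Allow from all"
    # lines are dropped rather than mixed with Require.
    <LocationMatch "^/MyApp/(Login|Welcome)\.html$">
        AuthType None
        Require all granted
    </LocationMatch>
</VirtualHost>

# Port 8443: same files, no SSO section defined here. Requests on this port
# are governed only by what this vhost and the main server config say, so
# whatever replaces SSO on this port (application login, Require ip, ...)
# has to be configured inside this block.
<VirtualHost _default_:8443>
    ServerName www.example.com:8443
    DocumentRoot /path/to/my/files
    # SSLEngine and certificate directives go here (omitted, as in the question)
</VirtualHost>
```

Running apachectl -S after the change lists which vhost answers on each port.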
I'm trying to restrict direct access to my website through its IP address. I only want to let people see my website through the domain.
When I did some research, I found one solution.
I added a new VirtualHost in apache2 sites-available with my domain name and it worked with http://IP-ADDRESS, but when someone tries https://IP-ADDRESS the site is still accessible.
I then added another VirtualHost with port 433 to restrict https access too, but it gives an error.
My VirtualHost :
<VirtualHost *:80>
ServerName 157.245.247.15
ServerAlias localhost
ServerAdmin admin@localhost
DocumentRoot /var/www/my-site.com
<Location />
Order Allow,Deny
Deny from All
</Location>
ErrorLog ${APACHE_LOG_DIR}/157.245.247.15-error.log
CustomLog ${APACHE_LOG_DIR}/157.245.247.15-access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerName 157.245.247.15
ServerAlias localhost
ServerAdmin admin@localhost
DocumentRoot /var/www/my-site.com
<Location />
Order Allow,Deny
Deny from All
</Location>
ErrorLog ${APACHE_LOG_DIR}/157.245.247.15-error.log
CustomLog ${APACHE_LOG_DIR}/157.245.247.15-access.log combined
</VirtualHost>
Error :
This site can’t provide a secure connection
157.245.247.15 sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
Now I cannot access my website by either IP or domain due to the SSL protocol error. How can it be solved?
My main goal is to block direct access to IP address in http or https.
My OS : Ubuntu
Web Server : Apache
Thanks
First of all, you shouldn't use an IP address as ServerName or ServerAlias. You should use an FQDN (resolved by DNS or by an entry in your hosts file).
Second: I can't see any configuration for HTTPS. Where are the key, certificate and chain configured?
Third: your configuration is denying access to everything
<Location />
Order Allow,Deny
Deny from All
</Location>
and not giving access to anything else.
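The three points above put together, as an added example that is not part of the original answer: a catch-all vhost on each port refuses requests that do not name the site, and the HTTPS one carries its own certificate so the TLS handshake can complete. The name my-site.com is taken from the question's DocumentRoot; catchall.invalid and the certificate paths are placeholders, and Apache 2.4 syntax is assumed.

```apache
# The first vhost listed for a port is its default: it receives every request
# whose Host header matches no ServerName/ServerAlias, such as the bare IP.
<VirtualHost *:80>
    ServerName catchall.invalid
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

<VirtualHost *:443>
    ServerName catchall.invalid
    # A :443 vhost without SSLEngine and a certificate answers in plain HTTP,
    # which browsers report as an SSL protocol error.
    SSLEngine on
    # Placeholder paths: any certificate works here, since every request
    # that reaches this vhost is refused.
    SSLCertificateFile    /path/to/placeholder-cert.pem
    SSLCertificateKeyFile /path/to/placeholder-key.pem
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# The real site, reachable only by name.
<VirtualHost *:80>
    ServerName my-site.com
    DocumentRoot /var/www/my-site.com
</VirtualHost>

<VirtualHost *:443>
    ServerName my-site.com
    DocumentRoot /var/www/my-site.com
    SSLEngine on
    # Placeholder paths for the site's own certificate and key.
    SSLCertificateFile    /path/to/site-cert.pem
    SSLCertificateKeyFile /path/to/site-key.pem
</VirtualHost>
```

Vhost order matters here: the catch-all blocks must be loaded before the named site on each port, which apachectl -S confirms by showing them as the default server.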
So I was using Wampserver for developing purposes, and I managed to set up the server for developing purposes (it worked with Dreamweaver, PHP worked etc.) but when accessing localhost, I get a 404 error.
I've hardly changed the settings, other than setting it to use that vhosts file, then I made a few new hosts in the hosts file in system 32, which all works fine.
localhost/phpmyadmin does work, however, so I am really stumped as to why it won't load anything. I also tried loading one of the site folders (localhost/Rufus) which also returned a 404. I have all the directories I need pointing to www folder, where all my files are saved.
And before anyone says, no it's not Skype or IIS, as they are both off and Wampserver is running on port 80 (I checked)
My vhosts file:
# Virtual Hosts
#
# Required modules: mod_log_config
# If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
# <URL:http://httpd.apache.org/docs/2.4/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.
#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "c:/Apache24/docs/dummy-host.example.com"
ServerName dummy-host.example.com
ServerAlias www.dummy-host.example.com
ErrorLog "logs/dummy-host.example.com-error.log"
CustomLog "logs/dummy-host.example.com-access.log" common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host2.example.com
DocumentRoot "c:/Apache24/docs/dummy-host2.example.com"
ServerName dummy-host2.example.com
ErrorLog "logs/dummy-host2.example.com-error.log"
CustomLog "logs/dummy-host2.example.com-access.log" common
</VirtualHost>
<Directory C:\Users\Tom\sites\wamp\www>
Order Deny,Allow
Allow from all
</Directory>
<VirtualHost *:80>
DocumentRoot "C:\Users\Tom\sites\wamp\www\Rufus"
ServerName rufus.stone
</VirtualHost>
Remove the sample virtual hosts, assuming you aren't using them. You also need a virtual host for 'localhost' and it must be the first virtual host. After that you can include your other, custom vhosts.
#
# Use name-based virtual hosting.
#
NameVirtualHost *:80
<VirtualHost *:80>
DocumentRoot "C:\Users\Tom\sites\wamp\www"
ServerName localhost
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "C:\Users\Tom\sites\wamp\www\Rufus"
ServerName rufus.stone
</VirtualHost>
If you get a permission denied error try putting the directive I took out into your httpd.conf:
<Directory "C:\Users\Tom\sites\wamp\www">
Order Deny,Allow
Allow from all
</Directory>
It would go right under a similar directive that includes a Deny from all on the root.
Make sure you always restart Apache whenever you make changes to these files.
The error 404 is saying that you have not granted access to those Virtual Hosts, so Apache is kicking you out.
You need to include with your Virtual Host some information to tell Apache which locations are allowed access to each VHOST
You also need to make localhost a Virtual Host and because the first VHOST is the default VHOST it should really be the first you define, and it should always be limited to allow access only from the local machine.
So see if this works any better.
# Virtual Hosts
#
<VirtualHost *:80>
DocumentRoot "C:\Users\Tom\sites\wamp\www"
ServerName localhost
<Directory "C:\Users\Tom\sites\wamp\www">
AllowOverride All
Require local
</Directory>
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "C:\Users\Tom\sites\wamp\www\Rufus"
ServerName rufus.stone
<Directory "C:\Users\Tom\sites\wamp\www\Rufus">
AllowOverride All
Require local
</Directory>
</VirtualHost>
Require local says allow access from the PC running WAMPServer only.
If later you want to allow other PC's on your internal network to see the Apache server you can add to that like this, for example.
Require local
Require ip 192.168.1
This, assuming you are on the subnet 192.168.1.? will allow any PC connected to your router (wired or wifi) access to the server.
You should avoid these, unless you actually want the world to access your site
Require all granted
OR the Apache 2.2 syntax, which still works on Apache 2.4
Order Deny,Allow
Allow from all
On my linux machine I have apache2 running as a reverse proxy, because I wanted to make another webserver on port 8083 accessible while also making it password protected. For this I added this to my apache2.conf:
<VirtualHost *:80>
<Location / >
AuthName "Protected Area"
AuthType Basic
AuthUserFile /home/pi/.htpasswd
Require valid-user
</Location>
ProxyPass / http://localhost:8083/
ProxyPassReverse / http://localhost:8083/
</VirtualHost>
That works like a charm, but now I also want to use apache to serve a site, I would like to do this by making something like /mysite point to /var/www, but I can't really figure out how to do this or if it is even possible.
Any ideas?
I think you have two options:
1. Put the proxy in a separate <Location /someurl> and put the site outside. Requests to http://localhost/someurl/ will be proxied, everything else is the local site:
<VirtualHost *:80>
<Location /someurl >
# Password protection omitted for brevity
ProxyPass http://localhost:8083/
ProxyPassReverse http://localhost:8083/
</Location>
# Here is the site
DocumentRoot /var/www
# ... etc site config
</VirtualHost>
2. Use two separate VirtualHosts, one for the proxy and one for the site. You will need two separate hostnames pointing to your local IP. For local operations only, use /etc/hosts. In this example http://a.localhost/ is the proxy, http://b.localhost is the site:
/etc/hosts:
127.0.0.1 a.localhost
127.0.0.1 b.localhost
Apache config:
# This is the proxy, http://a.localhost/
<VirtualHost *:80>
ServerName a.localhost
# Do password protection as needed
ProxyPass / http://localhost:8083/
ProxyPassReverse / http://localhost:8083/
</VirtualHost>
# This is the site, http://b.localhost/
<VirtualHost *:80>
ServerName b.localhost
DocumentRoot /var/www
# ... etc site config
</VirtualHost>
I would probably go for two separate VirtualHosts, keeping stuff nicely separated.
What I am trying to do : To add a site (example.com) to apache2/sites-available (I have specified its document root) and then enable it and after that access it on my local machine (as example.com in browser). I have some following queries :
Is it possible to create a website and give a specific domain (example.com) to it?
What are the steps I need to follow in order to create a site, give a domain and access it on my local machine ONLY?
NOTE: I have the content of site. I want to create a new site and I do not want to change the default site(i.e. apache2/sites-available/default) of Apache.
UPDATE:
I faced a error while restarting Apache (I have added a VirtualHost as described)
ERROR
CustomLog takes two or three arguments, a file name, a custom log format string or format name, and an optional "env=" clause (see docs)
Action 'configtest' failed.
The Apache error log may have more information.
...fail!
My site's file
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName dev.subhransu.com
ScriptAlias /private /home/hg/repositories/private/hgweb.cgi
<Directory /home/hg/repositories/private/>
Options ExecCGI FollowSymlinks
AddHandler cgi-script .cgi
DirectoryIndex hgweb.cgi
AuthType Basic
AuthName "Mercurial repositories"
AuthUserFile /home/hg/tools/hgusers
Require valid-user
</Directory>
ErrorLog ${APACHE_LOG_DIR}/dev.subhransu.com_error.log
# Possible values include: debug, info, notice, warn, error, cr$
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/dev.subhransu.com_ssl_access.lo$
SSLEngine on
SSLCertificateFile "/etc/apache2/ssl/dev.subhransu.com.crt"
SSLCertificateKeyFile "/etc/apache2/ssl/dev.subhransu.com.k$
</VirtualHost>
httpd.conf file
<VirtualHost *:80>
ServerName dev.subhransu.com
ServerAlias www.dev.subhransu.com
</VirtualHost>
I think the feature you may be looking for is vhosts. With vhosts you can create any number of sites, each set up independently of the other. For each vhost you can specify the 'ServerName' directive which is your domain, which can be anything you want it to be. And then in your computer's hosts file you can route all your calls for that domain to localhost.
If you only have one site that you need to set up, just edit the default Apache configuration, leaving vhosts alone, and then update the hosts file on your machine as I mentioned earlier.
References:
vhost examples
How to edit your hosts file
In httpd.conf (or vhosts), the ServerName and ServerAlias settings are what domain names Apache will respond to
ServerName example.com
ServerAlias www.example.com
then just edit your hosts file to point example.com to 127.0.0.1
I'm using a framework that uses a full-stack to display all its webpages. This runs standard on port 9000. Very fine, but when going into production, the server seems to block everything except a few standard ports.
So therefore, the framework (Play framework), advises you to do this in your front-end webserver (in my case Apache2).
file: play.conf
<VirtualHost *:80>
ServerName http://avon.ugent.be
CustomLog /var/www/log/proxy-access.log common
ErrorLog /var/www/log/proxy-error.log
ProxyPreserveHost On
DocumentRoot /var/www
<Location /dev/app>
AuthType Basic
AuthName "Test Omgeving"
AuthUserFile /var/trac/htpasswd
Require valid-user
ProxyPass http://127.0.0.1:9000/
ProxyPassReverse http://127.0.0.1:9000/
</Location>
</VirtualHost>
This of course requires the mod_proxy module, that is being enabled with a2enmod mod_proxy. (I run this on a Debian distro)
The idea is to run two webservers, one front-end and one back-end with the application.
The reloading of the apache webserver works fine, the site is enabled and everything, but when I surf to the http://my.website.com/dev/app url, it renders a 404... Suggestions what's going wrong?
EDIT3:
After 10+ hours of trying it boils down to this:
I found the debugging command (finally :p) and this is the output:
apache2ctl -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:80 is a NameVirtualHost
default server avon.ugent.be (/etc/apache2/sites-enabled/000-default:1)
port 80 namevhost avon.ugent.be (/etc/apache2/sites-enabled/000-default:1)
port 80 namevhost avon.ugent.be (/etc/apache2/sites-enabled/play.conf:1)
Syntax OK
Which indicates that the virtual server is indeed being added to the configuration.
But still, it renders a 404. Now, somewhere I've read that's because there is no index.html in that path. Is that necessary if you just want to use a reverse proxy?
For a start please try using Location instead of Directory. Directory is used for identifying directory paths on the filesystem not paths relative to the document root.
<Location '/dev/app'>
AuthType Basic
AuthName "Test Omgeving"
AuthUserFile /var/trac/htpasswd
Require valid-user
</Location>
Try the following. It should prompt for the username/password and then pass the request to http://127.0.0.1:9000. In my case, Apache gives a "Service Temporarily Unavailable", which you should get as well if you turn off the application running on port 9000.
<VirtualHost *:80>
ServerName my.website.com
<Location /dev/app>
AuthType Basic
AuthName "Test Omgeving"
AuthUserFile passwd/.htpasswd
Require valid-user
ProxyPass http://127.0.0.1:9000
ProxyPassReverse http://127.0.0.1:9000
</Location>
</VirtualHost>
If you still get a 404, can you confirm that it's not the backend server sending it?