I am unable to stop apache from creating directory listings when using the server IP address. I have tried editing the relevant site-available files as follows;
<VirtualHost *:80>
JkMount /* default
ServerName example.co.uk
ServerAlias www.example.co.uk
ServerAdmin me#example.co.uk
DocumentRoot /var/www/example.co.uk/public_html
ErrorLog /var/www/example.co.uk/logs/error.log
CustomLog /var/www/example.co.uk/logs/access.log combined
<Directory /var/www/example.co.uk/public_html>
Options -Indexes
</Directory>
</VirtualHost>
...but the public_html folder contents are being listed if I access the server using a url of this format;
http://192.168.1.99/example.co.uk/public_html
I have also tried to amend the apache config file at /etc/apache2/apache.conf to include the following;
<Directory />
Options -Indexes
</Directory>
..but no joy.
I am using Tomcat, and I need my WEB-INF folder to deny access. It doesn't, and so any .class files can be downloaded.
Does anyone know how I can fix this?
thanks
This sounds a little weird. Do you have an Apache HTTPD in front of an Apache Tomcat Server?
In this case the Apache HTTPD must not point to a directory where the Apache Tomcat files reside! The communication between both can be seen more as a proxy rather than a plugin.
We have some good experience using mod_proxy_ajp for this purpose. But if you are able to download .class files and (panic mode on) the web.xml (panic mode off) something is terribly wrong.
This means that it will not reach your VirtualHost settings, but default virtual host settings.
You have 2 options (at least):
1, put .htaccess file to your directory for which you want to restrict listing
2, Setup you IP based virtual host with similar settings as your name-based vhosts
You said that you put
<Directory />
Options -Indexes
</Directory>
You should have Location instead of Directory there
What if you add /* to the end?
<Directory /var/www/example.co.uk/public_html/*>
Options -Indexes
</Directory>
Update:
Or try to add the entry outside the VirtualHost directive.
Related
I have deployed OwnCloud 8 on a Ubuntu 14.04 instance to the domain box.example.com. I would like to host some static html on the same VM and have apache point project.example.com to it at /var/www/html.
In apache the file /etc/apache2/conf-available/owncloud.conf was created by OwnCloud containing:
#I changed the first line as follows
##Alias /owncloud "/var/www/owncloud/" # commented out
Alias / "/var/www/owncloud/"
<Directory "/var/www/owncloud">
Options +FollowSymLinks
AllowOverride All
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/owncloud
SetEnv HTTP_HOME /var/www/owncloud
</Directory>
How can I add a new subdomain VM in apache so that I'll have two working sites: box.example.com (OwnCloud instance) and project.example.com (static html). So far with everything I have tried project loads the OwnCloud front-end and does not open the static html.
Do I need to touch /etc/hosts?
I will update with examples of things I am trying and outcomes.
You can add both virtualhost in the same file (after the first ) directive or create another file in /etc/apache2/sites-available/ . You can start from the existing default file and adapt the servername and directory where your "project" is, and any other directive as needed.
Beware, if you run Apache2.4, the files should be named anyname.conf, for instance box.example.com.conf
And don't forgot to reload your apache server after having enabled the site.
You also need to set-up your DNS, in a zone file, for both box.example.com and project.example.com to point to the IP of your server.
You could create virtual host config files like /etc/apache/sites-available/01-owncloud.
<VirtualHost *:80>
ServerName box.example.com
ServerAdmin webmaster#localhost
DocumentRoot /var/www/owncloud
<Directory /var/www/owncloud/>
AllowOverride All
</Directory>
ErrorLog ${APACHE_LOG_DIR}/owncloud-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/owncloud-access.log combined
Redirect 301 /.well-known/carddav /remote.php/carddav
Redirect 301 /.well-known/caldav /remote.php/caldav
</VirtualHost>
Then enable it with a2ensite 01-owncloud.
Don't forget to set NameVirtualHost *:80 somewhere in a conf. I used /etc/apache2/ports.conf.
is there anyway to defy .htaccess? I mean to break what the rule written in the .htaccess file.
I have a directory, and I don't want others to browse it. So I created .htaccess file and wrote this
Deny from all
Is there anyway people can break it?
Nope this is radical. Nobody can access it. It is safe and commonly used. The deny is made server side, so nobody can try to bypass it.
.htaccess files are as secure as Apache allows you to.
See for example, assuming your .htaccess file is located in /var/www/foo:
<Directory />
Allow From All
AllowOverride All # allow .htaccess files globally
</Directory>
<VirtualHost *:80>
ServerName www.foo.com
DocumentRoot /var/www/foo # impossible to access, thanks to .htaccess
</VirtualHost>
<VirtualHost *:80>
ServerName www.bar.com
DocumentRoot /var/www/foo # same directory as above
<Directory /var/www/foo>
AllowOverride None # woops .htaccess will not be read, files can be accessed from this vhost
</Directory>
</VirtualHost>
Therefore there is no guarantee ever that your files are securely protected, as long as you don't know (and don't understand) how your apache installation is configured.
I have a problem about configuring apache for my installed Redmine.
I've installed Redmine (v 1.2.1) in /usr/local/lib/ directory successfully and it works. I want to configure apache so that Redmine would be accessible through http://myhost/redmine while I've installed a wordpress-based website in /var/www binded to http://myhost/. What should I do?
Here my current apache configuration (/etc/apache2/sites-enabled/001-redmine):
<VirtualHost *:80>
ServerName myhost
DocumentRoot /usr/local/lib/redmine-1.2.1/public
ServerSignature off
<Directory />
Order Deny,Allow
Deny from all
</Directory>
<Directory /usr/local/lib/redmine-1.2.1/public>
AllowOverride None
Order allow,deny
Allow from all
Options Indexes ExecCGI FollowSymLinks
Options -MultiViews
</Directory>
ErrorLog /var/log/apache2/redmine-error.log
CustomLog /var/log/apache2/redmine-access.log combined
</VirtualHost>
Thanks.
You can also follow the FAQ from the Redmine site: http://www.redmine.org/projects/redmine/wiki/HowTo_Install_Redmine_in_a_sub-URI
I used Phusion Passenger for the Ruby plugin. I then symlinked the public folder to /var/www/redmine.
My Apache config has:
RailsBaseURI /redmine
<Directory /var/www/redmine>
Options -MultiViews
</Directory>
I had the same problem a while ago and kept some notes. According to what I figured out then, hiding the Redmine Mongrel behind the myhost/redmine dir is not entirely possible. True, Apache can act as a gateway by setting it up the following way:
ProxyPass /redmine/ http://myhost:4000/
ProxyPassReverse /redmine http://myhost:4000
ProxyPreserveHost on
But this would only work if the HTML returned by Redmine contained relative paths and not a single absolute path. Suppose a Redmine page /dir1/whatever.html references a CSS file /resources/styles.css. The client sees the HTML page as /redmine/dir1/whatever.html. If the CSS reference is relative, the client requests /redmine/css/styles.css, and Apache will forward it to the proxy as /css/styles.css. If the reference is absolute, though, the client asks for /css/styles.css, and Apache will not actas a proxy for that one. End of story.
NB: There is a third party module mod_proxy_html which parses the HTML and rewrites the references. But it will not be present on most servers.
The solution, it seemed, was to 301-redirect any requests within the /redmine dir explicitly to the Mongrel at http://myhost:4000 (should be possible with mod_rewrite).
I am trying to set up a VirtualHost for some web projects I have undergoing. To do this, I have a folder in my User account ~/Projects/ in which I place all of my projects and I want to remain like that. When I tried to create a VirtualHost under ~/Projects/aproject/web Apache denies me access.
After some tries, I discovered that if I put the project under other directory than the user space (~/....) the Apache lets me create the VirtualHost that otherwise denies access.
I think this problem has to do with the UserDir directive which I think prevents access to every folder in user space but the ones listed in the UserDir - in my case it is UserDir Sites - but I do not know how to circumvent this and allow Apache to serve custom user space folders. Any ideas?
The directives in httpd.conf that I am trying are this ones:
<VirtualHost *:80>
DocumentRoot "/Users/myuser/Projects/myproject/web"
ServerName www.myproject.local
</VirtualHost>
<Directory "/Users/myuser/Projects/myproject/web">
Options Indexes MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>
I also have set the directive NameVirtualHost *:80 in httpd.conf.
And created the appropriate directive in /etc/hosts: 127.0.0.1 www.myproject.local.
Best regards.
You may need to alter the config for your user:
users/{username).conf
Then all AuthConfig to AllowOverride
My web host points my "main" domain name to the root www folder. The web files for that site are located in the "www/app/webroot" folder. I currently have the site up and running using the following in the htaccess file:
RewriteBase /
RewriteEngine on
RewriteRule ^$ app/webroot/ [L]
RewriteRule (.*) app/webroot/$1 [L]
I'm trying to start a dev site for the same site. I made a folder named "dev" in the www folder. So, the web files for this folder are in: "www/dev/app/webroot" I have a sub-domain pointing to the dev folder. When I use the same htaccess as above in the dev folder, it doesn't work because (I believe) it is inheriting the settings from the root www folder. When the page loads, it just comes up blank. How do I set up my htaccess files to allow for both sites?
Thanks in advance for any help! I'm obviously a novice at this stuff.
So we'll try to clean the things :-)
Avoid using .htaccess. All the settings in a .htaccess in a directory /foo/bar can be set in apache configuration as a Directory setting (.haccess is usefull if you provide limited access on apache conf, if you own the server don't use it).
<Directory /foo/bar>(...)</Directory>
Then you can access your sites with named based virtualhosts. Verify you have this option:
NameVirtualHost *:80
When you have it nice things can start.
This will be your virtualhost for your 1st app:
<VirtualHost *:80>
ServerName app
ServerAlias www.app.somwhere.com
ServerAlias app.somwhere.com
DocumentRoot /www/app/webroot
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /www/app/webroot>
Options Indexes FollowSymLinks
# this prevent.htaccess reading, remove if you want .htaccess
AllowOverride None
# allow web access
Order allow,deny
allow from all
</Directory>
</VirtualHost>
Most apache settings can be define here. Only for your 1st app. Apache will serve this configuration for all requests done for the site name 'app', or 'www.app.somwhere.com', or 'app.somwhere.com'. You can define a lot of alias(ServerAlias)., and only one name (ServerName).
Then if you go in your browser and type http://app/ your browser won't find the server, so set it in your /etc/hosts. This is what every people wanting to access your app should have in the hosts file until you get a real DNS (assuming your 1st app is app.somwhere.com and the second foo.somwhere.com and 92.128.52.226is your external IP):
127.0.0.1 app.somwhere.com app foo foo.somewhere.com
92.128.52.226 app.somwhere.com app foo foo.somewhere.com
And now let's add another virtualhost for your second app:
<VirtualHost *:80>
ServerName foo
ServerAlias www.foo.somwhere.com
ServerAlias foo.somwhere.com
DocumentRoot /www/foo/webroot
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /www/foo/webroot>
Options Indexes FollowSymLinks
# this prevent.htaccess reading, remove if you want .htaccess
AllowOverride None
# allow web access
Order allow,deny
allow from all
</Directory>
</VirtualHost>
And etc.
Don't forget to restart your apache. No rewrite rule. nice virtualhosts is the 1st step of a nice configuration, you will be able to define rules, directory or location specific things per name used. Even php configuration can be set per virtualhost with php_value instead of a global shared one on php.ini.
type
apache2 -S
to get the list of your virtualhosts, you'll see that the first one is the 'default' one, if apache does'nt understand the name of the requested site it will serve this default one (so you could ad a specific virtualhost on top to handle theses cases).
Try adding dev/ to the paths in lines 3 and 4 to your dev .htaccess.
Maybe you should remove the "RewriteBase /" line in the .htaccess in your dev folder?