I want to handle all files with the default handler, but not directories/subdirectories.
I've these without success:
<Files>
SetHandler default-handler
</Files>
<Files *>
SetHandler default-handler
</Files>
<Files "*">
SetHandler default-handler
</Files>
The last two both work, however accessing a directory will cause my 404 page to appear.
Related
Why do I get this error on apache when I access a certain js file??? I tried changing the httpd-xampp.conf from Require local to Require local granted but still to no avail.
I have the right permission to the js file I can even edit it using notepad++.
Access forbidden!
You don't have permission to access the requested object. It is either read-protected or not readable by the server.
If you think this is a server error, please contact the webmaster.
Error 403
localhost
Apache/2.4.17 (Win32) OpenSSL/1.0.2d PHP/5.6.14
here is inside the http-xampp.conf file.
#
# XAMPP settings
#
<IfModule env_module>
SetEnv MIBDIRS "C:/xampp/php/extras/mibs"
SetEnv MYSQL_HOME "\\xampp\\mysql\\bin"
SetEnv OPENSSL_CONF "C:/xampp/apache/bin/openssl.cnf"
SetEnv PHP_PEAR_SYSCONF_DIR "\\xampp\\php"
SetEnv PHPRC "\\xampp\\php"
SetEnv TMP "\\xampp\\tmp"
</IfModule>
#
# PHP-Module setup
#
LoadFile "C:/xampp/php/php5ts.dll"
LoadFile "C:/xampp/php/libpq.dll"
LoadModule php5_module "C:/xampp/php/php5apache2_4.dll"
<FilesMatch "\.php$">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
SetHandler application/x-httpd-php-source
</FilesMatch>
#
# PHP-CGI setup
#
#<FilesMatch "\.php$">
# SetHandler application/x-httpd-php-cgi
#</FilesMatch>
#<IfModule actions_module>
# Action application/x-httpd-php-cgi "/php-cgi/php-cgi.exe"
#</IfModule>
<IfModule php5_module>
PHPINIDir "C:/xampp/php"
</IfModule>
<IfModule mime_module>
AddType text/html .php .phps
</IfModule>
ScriptAlias /php-cgi/ "C:/xampp/php/"
<Directory "C:/xampp/php">
AllowOverride None
Options None
Require all denied
<Files "php-cgi.exe">
Require all granted
</Files>
</Directory>
<Directory "C:/xampp/cgi-bin">
<FilesMatch "\.php$">
SetHandler cgi-script
</FilesMatch>
<FilesMatch "\.phps$">
SetHandler None
</FilesMatch>
</Directory>
<Directory "C:/xampp/htdocs/xampp">
<IfModule php5_module>
<Files "status.php">
php_admin_flag safe_mode off
</Files>
</IfModule>
AllowOverride AuthConfig
</Directory>
<IfModule alias_module>
Alias /licenses "C:/xampp/licenses/"
<Directory "C:/xampp/licenses">
Options +Indexes
<IfModule autoindex_color_module>
DirectoryIndexTextColor "#000000"
DirectoryIndexBGColor "#f8e8a0"
DirectoryIndexLinkColor "#bb3902"
DirectoryIndexVLinkColor "#bb3902"
DirectoryIndexALinkColor "#bb3902"
</IfModule>
Require all granted
</Directory>
Alias /phpmyadmin "C:/xampp/phpMyAdmin/"
<Directory "C:/xampp/phpMyAdmin">
AllowOverride AuthConfig
Require all granted
</Directory>
Alias /webalizer "C:/xampp/webalizer/"
<Directory "C:/xampp/webalizer">
<IfModule php5_module>
<Files "webalizer.php">
php_admin_flag safe_mode off
</Files>
</IfModule>
AllowOverride AuthConfig
Require all granted
</Directory>
</IfModule>
#
# New XAMPP security concept
#
<LocationMatch "^/(?i:(?:xampp|security|licenses|phpmyadmin|webalizer|server-status|server-info))">
Require local granted
ErrorDocument 403 /error/XAMPP_FORBIDDEN.html.var
</LocationMatch>
In this section:
<Directory "C:/xampp/php">
AllowOverride None
Options None
Require all denied
<Files "php-cgi.exe">
Require all granted
</Files>
</Directory>
Change
Require all denied
to
Require all granted
Not the perfect solution imho, but should make your dev environment work.
UPDATE:
Change the enitre section to this:
<Directory "C:/xampp/php">
AllowOverride None
Order Allow,Deny
Allow from All
</Directory>
This is the default I use (from symfony.com).
I figured it out. There was just a typo in my code....
this causes the error..
<script src="/hris/admin/../template/assets/js/jquery-ui.custom.js </script>"></script>
doubled the </script> tag
My server doesn't render any images under the cgi directory, I know that this is because apache is told to run every file under that directory as a cgi program.
I would like to adjust the settings to tell apache to run all the .cgi and .pl as cgi programs but run the rest of files as they should be.
For instance, if I go to example.com/x.gif from a browser I can see the image, but if I go to example.com/cgi-bin/x.gif I can't. (being the image in both dirs, of course, and with 775)
The problem is that I don't know how to tell that to apache, this is the httpd.include
<Directory /var/www/vhosts/example.com/httpdocs>
<IfModule mod_perl.c>
<Files ~ (\.pl$)>
SetHandler perl-script
PerlHandler ModPerl::Registry
Options ExecCGI
allow from all
PerlSendHeader On
</Files> </IfModule> <IfModule mod_python.c>
<Files ~ (\.py$)>
SetHandler python-program
PythonHandler mod_python.cgihandler
</Files> </IfModule> <IfModule mod_fcgid.c>
<Files ~ (\.fcgi)>
SetHandler fcgid-script
Options +FollowSymLinks +ExecCGI
</Files> </IfModule> <IfModule mod_fcgid.c>
<Files ~ (\.php)>
SetHandler fcgid-script
FCGIWrapper /var/www/cgi-bin/cgi_wrapper/cgi_wrapper .php
Options +ExecCGI
allow from all
</Files> </IfModule>
SSLRequireSSL
Options -Includes +ExecCGI
</Directory>
I found a solution.
As I said, apache is told to run every file under that directory as a cgi program. So are needed new rules to tell apache to use a default handler for those filetypes different from .php , .pl or .cgi:
<Directory /var/www/vhosts/example.com/httpdocs/cgi-bin>
<FilesMatch "^(?!.*\.(cgi|php|pl)$).*$">
SetHandler default-handler
</FilesMatch>
</Directory>
If you can't access the httpd.conf for any reason you still can do the trick with .htaccess adding this three lines to the .htaccess file of the cgi-bin folder:
<FilesMatch "^(?!.*\.(cgi|php|pl)$).*$">
SetHandler default-handler
</FilesMatch>
I want to deny access to anything except php files. I try with the following code in the httpd.conf file:
<Directory "c:/wamp/www/stf_1">
<Files *.*>
Order Deny, Allow
Deny from All
</Files>
<Files *.php>
Order Allow, Deny
Allow from All
</Files>
</Directory>
After the modification I tried to restart the server but doesnt respond. I don't know what is wrong.
I think the order of the directives is important. The way I am reading it is that you are first denying everything so the second directive doesn't fire.
Try
<Directory "c:/wamp/www/stf_1">
<Files "*.php">
Order Allow, Deny
Allow from All
</Files>
<Files "*.*">
Order Deny, Allow
Deny from All
</Files>
</Directory>
I wrote this script to deny all exept index.php
Order allow,deny
Deny from All
<Files *>
Order Deny,Allow
Deny from all
</Files>
<Files index.php>
Order Deny,Allow
Allow from all
</Files>
However links like http://mywebsite.com/image.jpg are still shown. How is that possible?
I would like to deny access to all files and directories on the server but a few ones that I explicitly allow. How can I do that with .htaccess? Why does my approach not work? I am aware I will have to allow .css, .jpg etc.
DirectoryIndex index.html
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
<Files index.html>
order Allow,Deny
Allow from all
</Files>
edit: the above .htaccess gives me a "Forbidden" error when I try to access index.html. why?
edit: this seems to do the trick. I hope there are no holes left:
#Disallow everything
<filesmatch "\.+">
Order Allow,Deny
Deny from all
</filesmatch>
#Allow index
<Files index.html>
order Allow,Deny
Allow from all
</Files>
#Allow peripheral files
<FilesMatch "\.(css|png|jpg|js|ico)$">
Order Allow,Deny
Allow from all
</FilesMatch>
IP address : 127.0.0.1 have access to your server and others don't.
this part:
<Files index.html>
order Allow,Deny
Allow from all
</Files>
set access to index.html for all users BUT remember because you did not mention anything about other files they have default access attributes.
for example the code below allow files: 01.jpeg or 01.html or anything ended with xml.
<FilesMatch !"(01\.jpe?g|01\.html|xml)$">
order Allow,Deny
allow from 127.0.0.1
</FilesMatch>