I want my htaccess code to work only on my live machine and not the local,
What code can I write in the HTaccess to differentiate?
In your local apache VirtualHost add this instruction:
<Directory /my/directory/where/the/htaccess/is >
# prevent reads of .htaccess files
AllowOverride None
</Directory>
Then you local Apache will never read any .htaccess in this directory (and subdirectories)
Related
Can't change Apache web root directory on Ubuntu.
file exists in sites-enabled folder
I changed /etc/apache2/sites-enabled/mynewsite.conf file document root
<Directory /media/saptarshi/BAAA7114AA70CDFF/webdev>
Options Indexes FollowSymLinks
Allow from all
AllowOverride None
Require all granted
</Directory>
and, also I changed /etc/apache2/apache2.conf file document root
<Directory /media/saptarshi/BAAA7114AA70CDFF/webdev>
Options Indexes FollowSymLinks
AllowOverride None
Allow from all
Require all granted
</Directory>
After changing those I restart the apache then it not worked. Shows
403 error. Forbidden
You don't have permission to access this resource. Apache/2.4.41 (Ubuntu) Server at localhost Port 80
But magically when I change the path within the home directory(/home/saptarshi/test) then it work. So , Is it possible to change apache root directory outside the home folder in ubuntu?
Two things I would like to mention. Firstly, because of something isn't working, don't write the same configurations into multiple apache config files. It will create more problems rather than solving one. Secondly, you should always edit the respective site config file in the /etc/apache2/sites-available/ directory rather than editing the file in the /etc/apache2/sites-enabled/ directory. It's a symlink, so, it's always better to edit the main file and reload the config.
Now your problem might or might not be related to directory path only. It might be a user permission related problem as well. Could you please attach the entire apache2.conf file and the mynewsite.conf file? Also, what's the host you're trying to access it with?
Here is my directory structure
root
private
public
Using .htaccess and/or httpd.conf, I want to limit access to the private folder to only code executed from the root folder. So, no external access to anything in the private folder. Honestly, I have tried a lot of options, but nothing seems to work.
My test environment is XAMPP - installed on my local machine.
EDIT
One of the issues I encountered was using the wrong directory path. I created a simple PHP page with just phpinfo()
<?php
phpinfo();
?>
In the PHP Variables section, I looked for _SERVER["CONTEXT_DOCUMENT_ROOT"]. I used this for the directory path and then added private (the folder in the root that I wanted to limit access to). Thus, my completed code in the httpd.conf is below:
<Directory "E:/xampp/htdocs/home/private">
Order deny,allow
Deny from all
</Directory>
Using Order deny,allow and Deny from all should be already sufficient
Order deny,allow
Deny from all
If you put this in a .htaccess in the private folder, all access from outside will be prohibited.
Alternatively, you can put it in a <Directory /path/to/root/private> in httpd.conf, which has the same effect
<Directory /path/to/root/private>
Order deny,allow
Deny from all
</Directory>
Update:
According to Apache HTTP Server Tutorial: .htaccess files you should prefer httpd.conf over .htaccess files
You should avoid using .htaccess files completely if you have access to httpd main server config file. Using .htaccess files slows down your Apache http server. Any directive that you can include in a .htaccess file is better set in a Directory block, as it will have the same effect with better performance.
I wish to set up an apache server running php. I want all the files in a particular folder (say /site/ ) to be accessible from www.example.com/ . However I wish the files in /site/data/ to be not visible through www.example.com/data/ . I want www.example.com/fun.php script to be able to read/write to /site/data/ . What is the best way to do this through premissions and the apache defalt file?
You need to set up your directory structure slightly differently to what you have proposed. Rather run your site under a directory like:
/site/html
and store your data under a directory like:
/site/data
configuring Apache to only serve files from /site/html and not /site/data
or if you are using a more traditional apache directory structure then put the files you want publicly accessible through the web server in:
/var/www/html
and the private data files you only want your application to have access to in something like:
/var/www/data
Your Apache conf file will then contain something like:
DocumentRoot "/var/www/html"
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
This way the files in /var/www/data will not be publicly accessible but these files can still be accessed by php scripts in /var/www/html/
Disable Apache directory listings by putting this in your .htaccess file under /site/data
Options -Indexes
I have a folder with a lot of .php files. I would like to deny access to them (using .htaccess). I know an option is to move this folder outside public_html, but this is not possible in this situation.
Is is possible to block access to a whole folder?
Add this to the .htaccess file:
order deny,allow
deny from all
Apache 2.4 now uses a different way to do this so the method that works for Apache 2.2 will not work. See below for the method that will work for Apache 2.4. Place this in your Apache .htaccess file or better yet in a <Directory> directive in the Apache .conf file for your site.
Using .htaccess:
If using Apache 2.2:
order deny,allow
deny from all
If using Apache 2.4 use:
Require all denied
Using Apache Configuration files:
Instead of using a .htaccess file, it is usually preferred to place the configuration directly in your Apache .conf file as follows:
<Directory "/var/www/mysite">
Require all denied
</Directory>
Or if using a virtual host:
<VirtualHost *:80>
### Other configuration here ###
<Directory "/var/www/mysite">
Require all denied
</Directory>
### Other configuration here ###
</VirtualHost>
Of course the above configurations are examples, and you will need to adjust according to your requirements.
Create .htaccess file inside the desired folder with the following contents:
Deny from all
Edit apache2.conf or httpd.conf, whatever you find in Apache2 directory (probably located in /etc/apache2). You'll need to edit/check the following:
AllowOverride ALL (in the related <Directory> tag)
AccessFileName .htaccess
Edit your site's configuration file only in case you have a <Directory> tag specified inside it and add the following line:
AllowOverride ALL
Restart your Apache2 server
service apache2 restart
The above steps are all meant for Linux environments. The same instructions would work well for Windows environments except for the paths and the server restart command.
Reference: http://www.cyberciti.biz/faq/apache-htaccess/
Just add a .htaccess file with the code Deny from all to the folder.
More info at http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html
I have just configured Apache and PHP to work on my local Mac OS X computer. Now PHP works fine, except when I try to load the files for my live sites. The live sites have separate directories and are sorted by client name etc.
I've created symlinks in the default root for the local web server documents. My issue is that Apache doesn't seem to want to load any of the relative paths that are found in the HTML pages. For example, I have src="/css/main.css" but Apache doesn't load the file, similarly for images, it just resolves as a file not found 404 error. I then thought it might be the symlinks so I copied the full directory into the Apache document root, and still had the same result.
I would really love to setup my local development environment to run Apache, PHP, MySQL to develop locally then publish when ready. I also tried the MAMP installation, and had the same issues.
First you might want to try using src="./css/main.css".
When dealing with multiple live sites I like to setup a single configuration file for each site with apache and then load them all together in the httpd.conf file.
for my setup it looks like this:
in
/etc/apache2/httpd.conf
I have:
# Begin virtual host directives.
Include conf/bortreb.conf
Include conf/rlmcintyre.conf
Include conf/laserkard.conf
Include conf/judyates.conf
and then in
/etc/apache2/conf/judyates.conf
I have:
<VirtualHost *:80>
#localhost site
ServerAdmin email#example.com
DocumentRoot "/home/r/Desktop/web/judyates"
ServerName localhost
ServerAlias judyates.localhost
ErrorLog "/home/r/Desktop/web/judyates/log/error_log.log"
ScriptAlias /cgi-bin/ "/home/r/Desktop/web/judyates/cgi-bin/"
<Directory "/home/r/Desktop/web/judyates">
Options Indexes FollowSymLinks
Options +ExecCGI
AddHandler cgi-script cgi pl py
AllowOverride Options
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:80>
#live site
ServerAdmin email#example.com
DocumentRoot "/home/r/Desktop/web/judyates"
ServerName judyates.com
ServerAlias *.judyates.com
ErrorLog "/home/r/Desktop/web/judyates/log/error_log.log"
ScriptAlias /cgi-bin/ "/home/r/Desktop/web/judyates/cgi-bin/"
<Directory "/home/r/Desktop/web/judyates">
Options Indexes FollowSymLinks
Options +ExecCGI
AddHandler cgi-script cgi pl py
AllowOverride Options
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
This way works really well, because you can set the subdomain yoursite.localhost
to loop back to your home ip address.
With this setup, when I work on judyates.com on my computer and want to test anythig, I just go to judyates.localhost in my web browser.
I have about 5 other sites all set up this way in their own *.conf file, so they can each live in their own directories on my computer that exactly match the directories they'll be in on the server.
The key is to use virtual hosts to go to different sites based on the subdomain.
You can learn how to configure subdomains that point to yourself here:
http://digitalpbk.blogspot.com/2007/01/making-subdomains-on-localhost.html
My setup goes even one step further because I setup the server too. Whenever I want to update I load both the webfiles AND the apache config files, and that way the server exactly mirrors my local setup. The only difference is that the real judyates.com points to the server and not my home computer, so when people try to visit the site they get everything from the server.
Have you tried src="css/main.css"? That is, without the leading slash? If you have a leading slash there your files would have to be in a directory named css that was in the root directory of the webserver, and if I understand you correctly that's not the case.
EDIT: OK, from reading your comments it seems like you are not quite clear on how relative urls work. "/css/main.css" is not relative to the page's location in the directory tree. It means a file named "main.css" in a directory named "css" in the root directory of the webserver. When you put your files on the deployment server your css directory is at the webserver's root directory. But it sounds like you are currently putting the css directory in a subdirectory named for the client... so your css file is now living at "/clientname/css/main.css".
If I understand you correctly, you can do what you want by using relative urls. If your html file is in the same directory as the css directory you would need "css/main.css". If it's in a subdirectory of the directory that contains the css directory you would need "../css/main.css"- the ".." means the parent directory of the current directory. If you use relative urls they will continue to work as long as the relationship between the files doesn't change.
Here's a page on the subject that explains it adequately, I think: http://www.webreference.com/html/tutorial2/3.html. Was pretty much the first thing I found in Google though, so there are likely better explanations out there.
There are a number of Apache directives that you could use to do this, but if using relative urls would work for you (and if I understand you correctly it would) then that's likely to be a lot simpler and less likely to cause you further trouble.