Apache configuration. How to forbid root folders viewing - apache

I've added VirtualHost
ServerAdmin root#localhost
DocumentRoot /var/www/html/blogovet.ru
ServerName www.blogovet.ru
ServerAlias blogovet.ru
But my script in this domain can see all server files /* not only in his directory /var/www/html/blogovet.ru
How to forbid viewing files except DocumentRoot ?

A script will be able to read all files that the user running the script can read. So you should make sure your web server does not run as root (it needs to be started as root to listen on port 80, but should swich user to e.g. "www" itself), and then make sure that that user can't read any sensible files.
You could also use SElinux for an extra layer of security.

I found this solution for PHP (If disable cgi and ssi, looks good)
<VirtualHost *:80>
ServerAdmin root#localhost
DocumentRoot /var/www/html/site.com
ServerName www.site.com
ServerAlias site.com
ErrorLog /var/www/html/site.com/error-log
# TransferLog /var/www/html/site.com/transfer-log
# CustomLog /var/www/html/site.com/access-log common
<IfModule mod_php5.c>
php_admin_value upload_tmp_dir "/tmp"
php_admin_value include_path ".:/usr/share/pear:/usr/share/php:/var/www/html/site.com"
php_admin_value open_basedir "/var/www/html/site.com"
php_admin_value doc_root "/var/www/html/site.com"
</IfModule>
<Directory "/var/www/html/site.com">
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>

Related

Where does Apache read $domain variable from?

In my operational Wordpress enabled Ubuntu instance, I have a 000-default.conf file with the settings:
./apache2/sites-available/000-default.conf: ServerName $domain
./apache2/sites-available/000-default.conf: ServerAlias www.$domain
grepping for \$domain inside etc gives me basically only this file.
Where does Apache get this value when running my site?
full 000-default.conf:
UseCanonicalName On
<VirtualHost *:80>
ServerAdmin webmaster#localhost
ServerName $domain
ServerAlias www.$domain
DocumentRoot /var/www/html
<Directory /var/www/html/>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
<FilesMatch \.php$>
# 2.4.10+ can proxy to unix socket
SetHandler "proxy:unix:/var/run/php/php7.4-fpm.sock|fcgi://localhost"
</FilesMatch>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
$domain is not a pre-defined variable in Apache HTTPD. The list of variables in the documentation does not have it.
As Environment variables are accessed using a %{VAR}-notation in Apache, so it is not read from the environment either.
It's also not in my 000-default.conf - which means it must be something specific to your setup.
And indeed it is! Wordpress includes that file in sites-available with $domain as a placeholder. During setup, the file gets copied into sites-enabled and the placeholder gets replaced. Look in sites-enabled/000-default.conf and instead of $domain, there should be your domain.

Logging PHP errors to a custom file for a Drupal website

I am setting up a webserver in CentOS 7 with multiple virtual hosts which includes a drupal website. I want to log the PHP errors of my Drupal website, say 'mysite' to a custom file say, /var/log/httpd/mysite_error.log. I have set this up in the httpd conf file of the virtual host (and this has worked for non-Drupal sites) but the errors are still logged to /var/log/php_error.log.
httpd conf file of the virtual host mysite (/etc/httpd/sites-available/mysite):
<VirtualHost *:80>
ServerName mysite
DocumentRoot /var/www/html/mysite/
<Directory "/var/www/html/mysite">
AllowOverride All
</Directory>
ErrorLog /var/log/httpd/mysite_error.log
CustomLog /var/log/httpd/error_log combined
</VirtualHost>
You're just defining the Apache error log. For php you need php_value error_log /path/to.log.
See most topvoted answer at error_log per Virtual Host?
For Php Errors you have to configure them too, and they're are not ErrorLog or CustomLog as you declared here, these are servers log. Php errors variables start with php_value or php_flag.
<VirtualHost *:80>
ServerName mysite
DocumentRoot /var/www/html/mysite/
<Directory "/var/www/html/mysite">
AllowOverride All
</Directory>
ErrorLog /var/log/httpd/mysite_error.log
CustomLog /var/log/httpd/error_log combined
php_flag log_errors on
php_flag display_errors on
php_value error_reporting 2147483647
php_value error_log /var/www/domains/example.com/php.error.log
</VirtualHost>

Apache Web Server Virtual host not Working

I am trying to view logs directory on ui for Apache Web server.
So i am trying to establish a new virtual host in httpd-vhosts.conf file and trying to give the document root to the logs folder.
<VirtualHost *:8083>
ServerAdmin tecmint#example.com
DocumentRoot C:/Program Files/Apache Software Foundation/Apache2.2/logs
ServerName localhost
ErrorLog logs/example.com-error_log
CustomLog logs/example.com-access_log common
</VirtualHost>
Also i have given NameVirtualHost *:8083 and in httpd.conf i have Listen 8083.
After restarting the server when i hit localhost:8083 it gives 404.
Can u please help me i figuring it out.
Thanks
Try with following VirtualHost configuration :
<VirtualHost *:8083>
ServerAdmin tecmint#example.com
DocumentRoot "C:/Program Files/Apache Software Foundation/Apache2.2/logs/"
ServerName localhost:8083
<Directory />
Require all granted
Options +Indexes
</Directory>
ErrorLog logs/example.com-error_log
CustomLog logs/example.com-access_log common
</VirtualHost>
Make sure you have added directory block for your docroot and you have at least read permission on it.
<Directory "C:/Program Files/Apache Software Foundation/Apache2.2/logs/">
Require all granted
Options +Indexes
</Directory>

How to configure different Virtual Hosts based on apache + php_cgi and apache+mod_php?

everybody.
I have a Cent OS 6.6 server with Apache + mod_php site (site1.local). I need to configure second site (site2.local) with php_cgi. So, I created a user, gave him permissions on www-folder, configured site1 as mod_php, created a phpinfo.php. Also, I installed php-cgi,and try to configure virtual hosts, works only first site, on the second site is error:
the requested url /cgi-bin/phpinfo.php was not found onthis server.
That's my configs:
cat /etc/httpd/conf/httpd.conf
<VirtualHost *:80>
ServerAdmin webmaster#site1.local
DocumentRoot /var/www/wwwmaster/site1.local
ServerName site1.local
ServerAlias www.site1.local
ErrorLog logs/site1.local-error_log
CustomLog logs/site1.local-access_log common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin webmaster#site2.local
DocumentRoot /var/www/wwwmaster/site2.local
ServerName site2.local
ServerAlias www.site2.local
ScriptAlias /cgi_bin/ /usr/bin/php-cgi/
Action php-cgi /cgi-bin
AddHandler php-cgi php
<Directory /usr/bin/php-cgi>
Allow from all
</Directory>
<Directory "/var/www/wwwmaster/site2.local/">
<FilesMatch "\.php">
SetHandler php-cgi
</FilesMatch>
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Order Deny,Allow
Allow from all
</Directory>
ErrorLog logs/site2.local-error_log
CustomLog logs/site2.local-access_log common
</VirtualHost>
What I've done wrong and how can I fix that?
You only have to uncomment the line that says NameVirtualServer *:80 in your apache config file.
If you want virtual server for more than one port, simply put as many NameVirtualServer *:[port number] in the apache config file as you need.

Multiples vHosts with XAMPP 1.7.3

I'm trying to configure multiple vhosts on a machine on my network , however, no matter what I use to access servername , the apacche always directs to the first host.
Here it's my vHosts file
<VirtualHost eurekahom:7777>
DocumentRoot "d:\vhosts\eurekahom\controller/"
ServerName eurekahom
# RewriteEngine On
# RewriteOptions Inherit
<Directory />
AllowOverride All
</Directory>
php_value include_path ".;d:\vhosts\eurekahom\controller\includes/"
</VirtualHost>
<VirtualHost eurekades:7777>
DocumentRoot "d:\vhosts\eurekades\controller/"
ServerName eurekades
<Directory />
AllowOverride All
</Directory>
php_value include_path ".;d:\vhosts\eurekades\controller\includes/"
</VirtualHost>
<VirtualHost mauricio:7777>
DocumentRoot "d:\htdocs\mauricio"
#\controller/"
ServerName mauricio
# RewriteEngine On
# RewriteOptions Inherit
<Directory />
AllowOverride All
</Directory>
php_value include_path ".;d:\htdocs\mauricio"
</VirtualHost>
Did anyone know what's happend?
I believe for virtual hosts there are IP-based matching and server name matching. So whatever you type here: <VirtualHost ________:7777> should be an IP address. Since you don't want to match by IP, you can just leave a *:7777.
So yes, all your statements will start with <VirtualHost *:7777>. When a request comes for that 7777 port, Apache will then try to match by server name, and then the ServerName parameter will be considered.
There might be more issues with the <Directory> statement too, but I believe that is not what was causing Apache to always use the first VirtualHost all the time.
The following link is very useful, as it helped me when I had a very similar problem:
https://wiki.apache.org/httpd/CommonMisconfigurations
I usually don't specify the host name in the VirtualDirectory element, instead leaving it at *:7777
Also, for directories outside my htdocs folder, I use additional Directory options:
<Directory "C:\Projects\spacelysprockets">
Options All
AllowOverride All
Require all granted
</Directory>