I have a curious situation: I would like to block the listing of files in a directory. Therefore I wanted to use a htaccess file. I am using an Apache webserver.
This is my configuration of my webserver:
<VirtualHost *:443>
DocumentRoot /var/www/html
<Directory /var/www/html>
AllowOverride All
</Directory>
ServerName www.example.com
<Directory /var/www/html/Files>
Options FollowSymLinks
# Options -Indexes
AllowOverride All
</Directory>
<Directory /var/www/html/Files/admin>
AllowOverride All
</Directory>
In the admin directory there is a .htaccess file with this content:
Options -Indexes
I also restarted Apache without any effect. Apache runs without an error, but the directory still listens the files. The URL for the directory is https://example.com/Files/admin
Do you have any idea why it might not work? I have read that AllowOverride is required. And this seems to be the case.
I got the solution. I needed to change the file /etc/apache2/apache2.conf and than it worked well.
Related
I've installed LAMP stack on a digitalocean droplet running on Ubuntu. I have a file called "/restful/post.php".
using "https://url/restful/post.php" works just fine, however, I want to make it SEO friendly, sth like "/restful/post".
my htaccess is in the root folder "html/var/www" and has the following:
RewriteEngine on
RewriteRule ^/restful/post(.*)$ /restful/post.php?p=$1
I have got a2enmode enabled, AllowOverride is set to All in "/etc/sites-available/*".
for the 000-default.conf, I've got:
<VirtualHost *:80>
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
Redirect / https:/url
<Directory /var/www/html>
Options Indexes FollowSymLinks
AllowOverride All
Allow from All
</Directory>
</VirtualHost>
and for the 000-default-le-ssl.conf, I've got:
<VirtualHost *:443>
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
<Directory /var/www/html>
Options Indexes FollowSymLinks
AllowOverride All
Allow from All
</Directory>
</VirtualHost>
All the answers to the questions I've seen didn't fix my issue and I'm not really sure what I'm missing here.
I recently created a virtual host with WampServer (Version 2.4) so I can access my local website with the url http://yannbergonzat.local :
<VirtualHost *>
ServerName yannbergonzat.local
DocumentRoot "F:\Projets\Web\yann"
DirectoryIndex index.php
</VirtualHost>
And here is the Directory tag from httpd.conf :
<Directory />
Options Indexes FollowSymLinks
AllowOverride all
Require all granted
</Directory>
This website is made with Symfony2, so yannbergonzat.local leads to a folder. If you want to access the actual website, you have to go to yannbergonzat.local/web/app.php .
I created a .htaccess file so the website can be seen with yannbergonzat.local :
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ web/$1 [QSA,L]
</IfModule>
And now is the problem. Depending on the value of AllowOverride, there are errors.
When AllowOverride is set on "all"
The .htaccess file is read, the site can be accessed on yannbergonzat.local, but the resources (stylesheets, javascripts) which are in another folder cannot be accessed (error 403)
When AllowOverride is set on "none"
The .htaccess file is not read, the site can not be accessed on yannbergonzat.local (it shows the content of the folder), you have to write the entire url (yannbergonzat.local/web/app.php), but the resources (stylesheets, javascripts) which are in another folder can be accessed.
What should I do to have the website on yannbergonzat.local with the resources from other folders working fine ?
This change to httpd.conf is VERY DANGEROUS
<Directory />
Options Indexes FollowSymLinks
AllowOverride all
Require all granted
</Directory>
as it allows all access to the whole of the drive you installed WampServer( Apache ) onto, if thats the C:\ drive you are making a hackers life very easy!
You should change httpd.conf that back to
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
And add the directory specification to your VHOST definition like this
<VirtualHost *:80>
ServerName yannbergonzat.local
DocumentRoot "F:\Projets\Web\yann"
DirectoryIndex index.php
<Directory "F:\Projets\Web\yann">
Options Indexes FollowSymLinks
AllowOverride all
Require all granted
</Directory>
</VirtualHost>
AllowOverride none is an instruction to Apache to ignore any .htaccess files, so that explains what you have described.
When setting up a Symfony2 site this is the recommended config for a Virtual Host setup. You specify the /web folder as the DocumentRoot
See documentation
So I am assuming (you dont specify the actual folder structure) you would need something like this:
<VirtualHost *:80>
ServerName yannbergonzat.local
DocumentRoot "F:/Projets/Web/yann/web"
DirectoryIndex index.php
<Directory "F:/Projets/Web/yann/web">
# enable the .htaccess rewrites
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
This will almost definitely fix your 403 error as you are now granting access Require all granted to the folder that the site actually exists in.
This code worked for me:
sudo chmod -R 755 /var/www/***
Makes sure SELinux is not in not blocking access to your web directory:
chcon -R -u system_u -t httpd_sys_content_t /home/user/www
here i am stuck with a small problem. I have a site built in Yii framework. It runs without any problem with http protocol (the index.php in url is hidden and all urls work fine). I have hosted this in amazon ec2 services. i have the following lines in my .htaccess file
Options +FollowSymLinks
IndexIgnore */*
RewriteEngine on
# if a directory or a file exists, use it directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# otherwise forward it to index.php
RewriteRule . index.php
but when i use https to browse the site (note: i have it all configured) , the home page loads normally. but the other urls does not work and requires /index.php/ to be added. what am i missing here?
dying for answers.
thanks in advance.
To get mod_rewrite working not only mod_rewrite must be installed, but also check in the Apache directory config (/etc/apache2/sites-enabled/000-default on Ubuntu installed via apt-get) if the rule "AllowOverride None" exists in your project's directory config. If so, change it to "AllowOverride All".
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
**AllowOverride All**
mod_rewrite can be installed by remove comment from this line
#LoadModule rewrite_module modules/mod_rewrite.so
After a long search for the .htaccess configurations, main file configurations, the solution was found in /etc/apache2/sites-enabled directory , in the default-ssl file. (thanks to Hemc's answer)
this is what i did. this may help some others:
first move to the apache's sites-enabled directory
cd /etc/apache2/sites-enabled
then open default-ssl file
sudo vi default-ssl
then change AllowOverride None to AllowOverride All
Actually this is in the top of my file and it works fine .ie. my index.php is properly hidden and urls work fine :)
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster#localhost
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
And finally after saving and quitting, dont forget to restart your apache
sudo service apache2 restart
thanks
I was wondering if I can set the server external IP as a domain for testing.
On my Amazon server setup it works because all the domains point to the same folder.
domain1.com - /var/www/domain1
domain2.com - /var/www/domain2
ex.ter.nal.ip - /var/www/
So I can use ex.ter.nal.ip/test for a testing website.
On my Linode setup I moved the folders inside the user directories
domain1.com - /home/user1/public/domain1
domain2.com - /home/user2/public/domain2
ex.ter.nal.ip goes to domain2.com (I think it points to the last enabled site in Apache -a2ensite)
Is there a way to make it work?
I tried adding a vhost with with the /home/test DocumentRoot, but then all the websites point to the test directory.
My domain vhost file looks like this:
<VirtualHost *:80>
ServerName www.domain1.com
ServerAlias domain1.com
DirectoryIndex index.html index.php
DocumentRoot /home/user1/public/domain1.com/public
<Directory /home/user1/public/domain1.com/public>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
My testing one looks lithe this, but when enabled all the domains point to the test folder
<VirtualHost ex.ter.nal.ip>
ServerName ex.ter.nal.ip
DirectoryIndex index.html index.php
DocumentRoot /home/test/public
<Directory /home/test/public>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
I have a copy of my website at localhost at:
/var/www/vhosts/mysite.com/httpdocs
This is my /etc/apache2/sites-available/mysite
<VirtualHost *:80>
ServerAdmin webmaster#localhost
DocumentRoot /var/www/vhosts/mysite.com/httpdocs
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>
I've copied htaccess.txt to .htaccess. When I activate friendly URL and URL rewriting, I get 404 errors.
I've uncommented this lines in .htaccess, but still does not work:
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
I also tried to change rewritebase to
RewriteBase /mysite
with no luck.
What I'm doing wrong?
No sure if this is the issue you are experiencing, but I have experienced that rewriting does not work well on "localhost". Try and change your hosts file to say
127.0.0.1 mysite.local
And then access it on that url.
Not sure if that will work but it is worth a try.
Solved!
I had a conflict with different entries in /etc/apache2/sites-available.
When I create a new site at localhost, I copy default to mysite, and modify the mysite file to point to it's DocumentRoot.
I don't know exactly why, but if I disable default site:
sudo a2dissite default
it works.
Maybe this does'nt solve the question, but I prefer to issue another question more specific to this problem, because I've tested and it's related to different sites enabled and one or more with RewriteEngine enabled.