Directory require all denied not working - linux

I created a virtual host and tried to forbid access to it by using the directory directive with Require all denied.
<VirtualHost *:80>
DocumentRoot /var/www/test
<Directory /var/www/test/>
Require all denied
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
However, the users have still access to every page. How can i solve this?

These directives won't do anything if they're in a VirtualHost not matched by the current request.
Your VirtualHost has no ServerName nor ServerAlias, which is the primary means of having a VirtualHost used for a request.
If you think configuration is being ignored, step is to verify that this VirtualHost is in use. One simply way is to define a unique logfile for the virtual host. Yours does not look unique.
apachectl -S will quickly summarize your virtual hosts.

The Require must not be combined with the deprecated Order, Allow, Deny directives (since Apache 2.4).
Review all the configuration files and replace Order/Allow/Deny with Require, possibly combined using RequireAll, RequireAny, RequireNone.
Note that the configuration is not necesarrily located in the single file holding <VirtualHost>. You need to review all the server configuration files.
E.g. on Ubuntu this includes:
all files in /etc/apache2/sites-enabled
all files in /etc/apache2/conf-enabled
depending on AllowOverride setting you may need to review all the .htaccess files for any directories reachable from the web

Related

Apache on Raspberry Pi - can't serve files from a different drive - causes 403 error

I got a Raspberry Pi yesterday and have mounted an additional hard drive on it. I'm planning to use it on a web server. However, I wish to host my files on the hard drive, not the small SD card where the OS is located.
I installed Apache and created a Virtual Host config file, specifying the DocumentRoot and the directory on the external HDD where the website is located. However, it gives a 403 error. The system log gives the following information:
Permission denied: [client 123.456.789.1250527] AH00035: access to / denied (filesystem path '/media/myusername/myHDD') because search permissions are missing on a component of the path
I've tried a number of different things: setting the DocumentRoot to /var/www/html but specifying the path to the HDD in the Directory tag, changing the DocumentRoot in the default site to the path to the HDD's directory that I want to serve, adding the line DocumentRoot "/media/myusername/myHDD" in the apache2.conf file. I changed the ownership of the /myHDD folder to the www-data user. I eventually deleted the /var/www/html folder and created a symlink to the HDD's directory with the name html, but that causeed this error:
AH00037: Symbolic link not allowed or link target not accessible: /var/www/html
What do I need to do to make Apache serve these websites that are on the HDD and not the system SD (only 16GB)? Here is my VirtualHost config:
<VirtualHost *:80>
ServerAdmin me#myemail.com
ServerName myurl.com
ServerAlias www.myurl.com
DocumentRoot "/var/www/html"
Alias "/webals" "/media/userName/MyHardDrive/public_html/myurl.com/"
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory "/media/userName/MyHardDrive/public_html/myurl.com">
Require all granted
Order allow,deny
Allow from all
</Directory>
I'm not sure what is going on here. Haven't really used Apache much in the past - have preferred nginx.
Any help here would be good.

Cloud Agent, Apache, and drupal's .htaccess

Installed Apache and Cloud Agent.
Agent collects information from mod_status. Everything is ok.
However, when I add drupal files (with .htaccess), Agent can't collect stat anymore.
I already tried many configuration and now I am super confused about VirtualHosts. I used standard agent's configuration for virtualhost:
ExtendedStatus on
<VirtualHost 127.0.0.1:80>
ServerName local-stackdriver-agent.stackdriver.com
<Location /mod_status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Location>
</VirtualHost>
In http.conf I changed only DocumentRoot.
Can someone please explain me why the requests go to drupal's folder, and not to local-stackdriver-agent.stackdriver.com VirtualHost?

Virtualhost Document Root changing web root for entire server

I currently have example.com pointing to Server one. I wanted to server example.com from a different directory ( /WebData )
I did this by editing httpd.conf
http://pastebin.com/UjHhRNTX
I this works as desired.
I then found out I needed to add website.org to the server. So I mounted another disk and created a dir called /WebDataWebsite
and created /etc/httpd/conf.d/websiteorg.conf with the following VHost:
http://pastebin.com/GTmqtABf
<VirtualHost *:80>
DocumentRoot "/WebDataWebsite"
ServerName website.org
ServerAlias www.website.org
<Directory "/WebDataWebsite">
Require all granted
</Directory>
</VirtualHost>
For some reason all traffic to example.com and website.org were both directed to index.htm in /WebDataWebsite
What I am doing wrong? How to I make /WebData (in httpd.conf) the default website but filter by servername website.org with the VHost?
You'll probably need to use Alias's for the second site. Have a look at http://httpd.apache.org/docs/2.2/mod/mod_alias.html#alias
It's unlikely that second declaration of the VH is being picked up by apache as it can not deal with two declarations of the same I believe.

Disabled PHP for Single Directory with HTACCESS (PHP-FPM)

I want to disable the parsing of PHP files in a specific directory, and found out how to do that here. The problem is that my server uses PHP-FPM, and I get Invalid command 'php_flag', perhaps misspelled or defined by a module not included in the server configuration when I try to use php_flag in my httpd.conf file.
How can I disable parsing of PHP files in a given web-accessible directory with an htaccess/httpd.conf file that is located above web root on a server using PHP-FPM?
Since Fedora 27 switched to php-fpm recently, I, too, ran into this problem. Unfortunately, the old ways of doing things with mod_php do not apply to php-fpm.
I did find another question here that definitely seemed more relevant:
Apache: Disable php in a directory
The gist of it was was to use a <directory> and <filesmatch> block in your config file, and use SetHandler ! for every directory you didn't want PHP code interpreted.
e.g.:
<Directory "/path/to/no/phpfiles">
<Files "*.*">
SetHandler !
</Files>
</Directory>
This is tested and working on Fedora 27, PHP-FPM 7.1.12.
Unlike using the fpm configs directly, this technique works recursively, so placing it at the top level of a tree of stuff you don't want PHP interpreting works as expected.
I disable .htaccess files in my configurations, but this technique should still work. However, <directory> is not valid inside a .htaccess file. Hopefully just removing it, and leaving:
<Files "*.*">
SetHandler !
</Files>
Should be sufficient.
How can I disable parsing of PHP files in a given web-accessible
directory with an htaccess/httpd.conf file that is located above web
root on a server using PHP-FPM?
You can't persay the way you're trying it without mod_php (which you don't want) which is why you're getting that error. PHP-FPM is not an Apache module. It runs independent of Apache. That's actually it's purpose to be used on heavily loaded sites and it can control all the PHP processes.
One way you might be able to achieve this is to specify the exact path you want to run PHP, in your virtualhost file with the Directory directive. Instead of just having the PHP handler stuff, enclose it with the Directory directive with the actual path you want it to run. Here is an example.
<VirtualHost *:80>
ServerAdmin webmaster#example.com
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/example.com/public_html/
ErrorLog /var/www/example.com/error.log
CustomLog /var/www/example.com/access.log combined
<Directory /path/to/php/only/folder/>
#then you PHP handler stuff
<IfModule mod_fastcgi.c>
AddType application/x-httpd-fastphp5 .php
Action application/x-httpd-fastphp5 /php5-fcgi
Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi_example.com
FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi_example.com -socket /var/run/php5-fpm_example.com.sock -pass-header Authorization
</IfModule>
</Directory>
</VirtualHost>
Then restart Apache. This should limit it to that directory. You might have to remove the php handler info from the other config so it's not overwritten.
Note I have not tested this solution.

Problems with Apache Virtual Hosts

I have recently just set up a RHEL based server running two domains. However, I am having difficulty hitting both domains from the browser. My config is:
NameVirtualHost *:80
<VirtualHost *:80>
ServerName domainA.com
ServerAlias domainA.com *.domainA.com
DocumentRoot /home/domainA/public_html
<Directory "/home/domainA/public_html">
allow from all
Options +Indexes
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName domainB.com
ServerAlias domainB.com *.domainB.com
DocumentRoot /home/domainB/public_html
<Directory "/home/domainB/public_html">
allow from all
Options +Indexes
</Directory>
</VirtualHost>
The problem is when I navigate to domainA.com I hit the correct Virtualhost (which is fine), however when I navigate to domainB.com it displays the Apache Test page.
Edit
I have a Firewall between the webserver and the web. I tested the rules governing Domain A and Domain B.
Domain A reaches target and a status 200 is returned.
Domain B reaches target and a status 403 (permission denied) is returned
What you need to do is take a look at sites-enabled and sites-available.
Here's the first entry when Googling: http://www.debian-administration.org/articles/412
Looks reasonable and should help you integrate that.
The problem is that you need separate entries for all the sites you want to run on this apache2. Simple entries in your config file don't do it. Only the first works, the rest is more or less ignored. Creating separate entries with sites-enabled and sites-available is the way to go here.

Resources