.htaccess deny from all - .htaccess

I have copied one of my old applications and renamed it to New_application. I want to access .htaccess file that is inside the New_application folder. When I opened it with my text editor, it just showed Deny from all. I tried to open .htaccess in my old application, it showed Deny from all too. I remember I was able to edit it before but not sure what I can't now. Any thoughts? Thanks a lot.

Deny from all
is an .htaccess command (the actual content of that file you are trying to view). Not a denial of being able to edit the file. Just reopen the .htaccess file in the text viewer of choice and make the alterations as you so desire, save it, then reupload it to your folder of choice.
Though I think inadvertently you are blocking even yourself from viewing said application once uploaded.
I would do something like:
order deny,allow
deny from all
allow from 127.0.0.1
which will deny everyone but the IP in the allow from line, which you would change the IP to match your IP which you can obtain from http://www.whatismyip.com/ or similar site.

This syntax has changed with the newer Apache HTTPd server, please see upgrade to apache 2.4 doc for full details.
2.2 configuration syntax was
Order deny,allow
Deny from all
2.4 configuration now is
Require all denied
Thus, this 2.2 syntax
order deny,allow
deny from all
allow from 127.0.0.1
Would ne now written
Require local

You can edit it. The content of the file is literally "Deny from all" which is an Apache directive: http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny

A little alternative to #gaspĀ“s answer is to simply put the actual domain name you are running it from. Docs: https://httpd.apache.org/docs/2.4/upgrading.html
In the following example, there is no authentication and all hosts in
the example.org domain are allowed access; all other hosts are denied
access.
Apache 2.2 configuration:
Order Deny,Allow
Deny from all
Allow from example.org
Apache 2.4 configuration:
Require host example.org

Related

Apache configuration 2.4

I need to perform the following configuration on my Apache server, version 2.4, with CentOS system.
The instructions I received are as follows:
Configuring Another Web Server to Serve the Files If another web
server is using port 80 on the same server as Centova Cast, you will
need to use this method.
This method depends upon your knowledge of the other web server you
are using; you must be familiar enough with your web server of choice
to configure it appropriately. Centova Technologies cannot provide
support or assistance with any changes to your web server's
configuration.
To allow "Let's Encrypt" to validate your domain ownership, you must
configure your web server such that any requests for files under the
following URI (replacing example.com with your own domain name):
http://example.com/.well-known/acme-challenge/ ...are configured to
serve files from the following directory:
/usr/local/centovacast/etc/ssl/acme-challenges/ So for example, if you
create a file called
/usr/local/centovacast/etc/ssl/acme-challenges/test.txt, you should be
able to visit http://example.com/.well-known/acme-challenge/test.txt
in your browser and see the contents of the test.txt file.
A few example configurations are provided below. Please note, however,
that differences in your web server configuration may require
additional settings not mentioned here.
Example apache:
Alias /.well-known/acme-challenge /usr/local/centovacast/etc/ssl/acme-challenges
<Directory /usr/local/centovacast/etc/ssl/acme-challenges>
Options None
AllowOverride None
Apache 2.x
<IfModule !mod_authz_core.c>
Order allow,deny
Allow from all
</IfModule>
Apache 2.4
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
</Directory>
I've tried everything and I can't get it to work, how should the correct configuration be done?
My configuration file is located at: /etc/httpd/conf/httpd.conf

How to get htaccess to deny acess to a single I.P. on openshift?

I want .htaccess to selectively ignore some I.P. addresses.
I'm pushing the .htaccess file to http://modeldoc-treaties.rhcloud.com/wiki/extensions/log/ip.txt
I know that the .htaccess is being read because when it includes
deny from all
then I get the message "Forbidden".
But when I change the .htaccess file to say
deny from <my current I.P from whatsmyip>
then I'm not denied access.
Edit: after shooper's suggestion I tried (to allow just me)
Order Deny,Allow
deny from all
allow from <my.ip>
which blocks me, and also (to deny just me)
Order Allow,Deny
allow from all
deny fro <my.ip>
which allows me. So I guess the problem is I don't know what my i.p. actually is once it gets forwarded on openshift.
OpenShift has a reverse proxy in front of your application, so the ip that shows up to your .htaccess file is not the users real ip, it is stored in the x-forwarded-for header.
I think you probably need the "Order" directive as seen at http://httpd.apache.org/docs/2.2/howto/access.html.
Order deny,allow
Deny from <your current I.P. address>
Allow from all

Protect restrict Solr Admin url from external user using .htaccess or tomcat

I have recently installed Solr on server and i want to restrict only local users can access it with .htaccess
site.com:8983/solr/admin [ restrict all user]
And below is the .htaccess code
RewirteRule on
<FilesMatch "127.0.0.1:8983/solr/admin">
Order Deny, Allow
Deny form all
Allow 127.0.0.1
</FilesMatch>
Or is there any method we can protect / restrict Solr Admin on site.com:8983/solr/admin accessing from other users
Only local ip users can use it..
And i tried this one, but its not working.
Your <FilesMatch "127.0.0.1:8983/solr/admin"> line will never match anything because you've stuck the hostname and port in the regular expression. Try using the Location container instead:
<Location "/solr/admin">
Order Deny, Allow
Deny from all
Allow 127.0.0.1
</Location>
Or better yet, Directory:
<Directory "/path/to/your/document/root/solr/admin">
Order Deny, Allow
Deny from all
Allow 127.0.0.1
</Directory>
You'll need to fill in the full path to the solr/admin directory.
Get rid of the RewirteRule on line, it doesn't do anything and it's not even spelled right and will cause a 500 error.
However, neither of these directives can be use in an htaccess file. You need to use these in either the server of vhost config. If you must use an htaccess file, then create an htaccess file in your solr/admin directory and simply put these directives in it:
Order Deny, Allow
Deny from all
Allow 127.0.0.1
Or, in the htaccess file in your document root:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !127.0.0.1
RewriteRule ^/?solr/admin - [L,F]
Check following links. Hope they will help you.
Restrict Solr Admin Access
Solr Security
Securing Solr administrative console
How to protect Apache Solr admin console

Unable to hide htaccess file

I'm having a difficult time hiding my .htaccess file -- I double-checked to ensure the following was present in httpd.conf:
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
Other allow/deny directives on directories are working and the directives in the visible .htaccess file are working.
We are running Red Hat Enterprise Linux Server release 6.3 (Santiago) and Apache/2.2.15.
My question: Aside from the obvious of, "Why is the .htaccess file still visible?" Is there some other directive that would override this directive or might I have a module missing? (I would think apache would throw an error if this were the case.)
I restarted apache after any changes to this file and even rebooted as a sanity check. I also made some other changes to this file to ensure that I was working on the correct configuration file.
Have you taken a look at How <Directory>, <Location> and <Files> sections work? It seems that there might be another directive (probably Location) evaluated later, which overrides your Files directive. It's hard to diagnose more without further details of your Apache configuration.

Restrict accesses to the uploaded contents in Wordpress (through plugin or httpd config)

We have Wordpress website on our linux system. It host number of private files which are visible to who can login. We set the permission of those files as full-read (rwxr-xr-x). The problem is all the content are accessible to anyone who has the direct link! The main question is how can I restrict accesses to these direct link only to logged-in users?
Is there any Wordpress plugin or httpd configuration doing this?
I would place a .htaccess file with deny from all clause within the root of the uploads folder.
I tackled the problem temporarily by modifying httpd.conf to add special policy for the uploads sub-directories:
<Directory /var/www/wp-content/uploads>
Options FollowSymLinks
AllowOverride All
Order deny,allow
Allow from XXX.XXX.XX
Deny from all
</Directory>
This permits only to our local users to access the contents. However, I am still curious how wordpress can permit this access to only logged in users.

Resources