I'm configuring an Apache2 server, but I'm having trouble figuring out how to deny access to all files/directories except the index file.
My website resides inside /var/www/
This is my current setup in the /etc/apache2/apache2.conf file:
<Directory />
Order Deny,Allow
Deny from all
Options None
AllowOverride None
</Directory>
<Directory /var/www/>
Order Allow,Deny
Allow from all
</Directory>
How do I solve my problem? Thanks!
Try adding a <FilesMatch> for index.php. If it doesn't work in this position, move it above the directory's Deny from all. Change index.html to whatever your index file is.
<Directory />
Order Deny,Allow
Deny from all
Options None
AllowOverride None
</Directory>
<Directory /var/www/>
# Deny first, then allow
Order deny,allow
# Deny everyone from everything
Deny from all
<FilesMatch index\.html>
# but allow index.html
Allow from all
</FilesMatch>
</Directory>
I think you're better off simply piping everything to the index file, not denying access to everything else.
This can be done through RewriteRule:
RewriteEngine On
# index goes to index (this is first to prevent infinite loop)
RewriteRule ^/index\.html$ - [L]
# everything else goes to index
RewriteRule .* /index.html [L]
Related
Python-3.8/Django-3.2/Mezzanine-6.0 application tries to access incorrect pages when executed by apache. In standalone mode (python manage.py runserver) it creates correct address /admin/page_types/basicpage/2677/change/ whereas in apache mode it creates address /admin/page_types/basi/admin/pages/page/2677/change/ in the same place.
Edit:
It seems to be the get_script_prefix() function in django/urls/base.py that returns incorrect prefix when accessing page 2677 in apache mod_wsgi daemon mode. In embedded mode the fault does not happen.
I don't even uderstand how this fuction call return getattr(_prefixes, "value", '/') can work as the _prefixes object does not have attribute named "value".
The _prefixes object comes from asgiref:
from asgiref.local import Local
_prefixes = Local()
Furthermore: why does django use asgiref also when not not excuted using ASGI https://asgi.readthedocs.io/en/latest/ ?
Apache configuration:
[django#tkpika03p ~]$ cat /etc/httpd/conf.d/pika.conf
#
# VirtualHost template
# Files must have the .conf suffix to be loaded.
#
# NameVirtualHost statements can be added to /etc/apache2/listen.conf.
#
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
<VirtualHost *:80>
ServerAdmin palvelin.hallinta#<myDomain>
ServerName pikaappm.<myDomain>
ServerAlias tkpika03p.ad.<myDomain>
DocumentRoot /srv/www/htdocs
ErrorLog /var/log/httpd/pika-error_log
CustomLog /var/log/httpd/pika-access_log combined
LogLevel warn
# don't loose time with IP address lookups
HostnameLookups Off
# needed for named virtual hosts
UseCanonicalName Off
# configures the footer on server-generated documents
ServerSignature Off
Alias /static/ /srv/django/pika/pika/static/
Alias /site/ /srv/django/pika/pika/static/site/
<IfModule wsgi_module>
WSGIDaemonProcess pika_wsgi user=django group=django home=/srv/django python-home=/srv/django/pika-env python-path=/srv/django/pika
WSGIProcessGroup pika_wsgi
WSGIScriptAlias / /srv/django/pika/pika/wsgi.py
WSGIApplicationGroup %{GLOBAL}
</IfModule>
<Directory "/">
require all granted
</Directory>
<Directory "/srv/www/htdocs">
Options Includes FollowSymLinks
AllowOverride FileInfo
<Limit GET OPTIONS>
<IfModule access_compat_module>
Order allow,deny
Allow from all
</IfModule>
<IfModule !access_compat_module>
Require all granted
</IfModule>
</Limit>
</Directory>
<Directory /srv/django/pika/pika>
<Files wsgi.py>
<IfModule access_compat_module>
Order allow,deny
Allow from all
</IfModule>
<IfModule !access_compat_module>
Require all granted
</IfModule>
</Files>
</Directory>
<Directory /srv/django/pika/pika/static>
# Options Indexes Includes FollowSymLinks
# AllowOverride FileInfo
<IfModule access_compat_module>
Order allow,deny
Allow from all
</IfModule>
<IfModule !access_compat_module>
Require all granted
</IfModule>
</Directory>
<Directory /srv/django/pika/pika/static/site>
# Options Indexes Includes FollowSymLinks
# AllowOverride FileInfo
<Limit GET OPTIONS>
<IfModule access_compat_module>
Order allow,deny
Allow from all
</IfModule>
<IfModule !access_compat_module>
Require all granted
</IfModule>
</Limit>
</Directory>
<Directory /srv/django/pika/pika/media>
# Options Indexes Includes FollowSymLinks
# AllowOverride FileInfo
<Limit GET OPTIONS>
<IfModule access_compat_module>
Order allow,deny
Allow from all
</IfModule>
<IfModule !access_compat_module>
Require all granted
</IfModule>
</Limit>
</Directory>
<Location />
Options Indexes Includes FollowSymLinks
SetOutputFilter INCLUDES
AddOutputFilter INCLUDES .html .ssi .css
# Order deny,allow
# Require all granted
</Location>
</VirtualHost>
I have .htaccess file:
Order deny,allow
Deny from all
# deny view files in directory
Options -Indexes
<FilesMatch "index\.php|profile\.php|newgame\.php|game\.php">
Allow from all
</FilesMatch>
It works well, I can open index.php or profile.php for url like site.com/index.php. But I can't open site for url site.com. Why? I give access to index.php. Isn't site.com the same of site.com/index.php. How to change .htaccess file to take into account this situation?
UPDATE
apache2.conf contains:
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
You need to configure apache to recognize index.php as index file.
Add
DirectoryIndex index.php
folders on server
/test
/test1
/test2
.htaccess
Order Deny,Allow
Deny from all
Allow from **.***.***.**
<Directory /test>
Options +Indexes
Allow from all
</Directory>
We are use .htaccess but adress http://test.com/test/ not work. Tell me please where errror ?
i have a directory with .htaccess with deny
deny from all
and inside that directory there is another directory with .htaccess like this:
<Directory "/dir1/dir2">
Options All
AllowOverride All
Order allow,deny
Allow from all
</Directory>
How can i deny the access to second directory with htaccess on first directory?
Thanks for answers.
<Files *>
deny from all
</Files>
did the job :)
We have many, many sites, all of which contain a "customer/uploadsfolder". We have to allow uploading, but want to block any GIF files, as well as turn off PHP in the folder as shown below. The question is, do we need one entry for every folder, or can wildcards/regex be used?
<VirtualHost *:80>
<Directory /customer/uploadsfolder>
deny from all
<Files ~ "^\w+\.(gif)$">
order deny,allow
allow from all
</Files>
<IfModule mod_php5.c>
php_flag engine off
</IfModule>
</Directory>
</VirtualHost>
Yes, use LocationMatch (or "Location ~").
<LocationMatch "\/customer\/uploadsfolder\/.*\.(php|gif)">
order allow,deny
deny from all
</LocationMatch>