I have an index.html file in my Apache DocumentRoot directory but when I go to my URL, I am still getting a directory listing of my DocumentRoot directory instead of the index.html file being displayed. The apache access_log shows 200's when I reload the page. Any suggestions?
Use
DirectoryIndex index.html
It tells apache what document to show for a directory request.
update
You should specify just the filename that apache will look for in the folder requested.
Not saying this will fix it for you, but for me when first getting started with Apache2 it was file permissions that would get forgotten when moving or writing new file under the web root directory
ls -hal /var/www/host_one/index.html
If above doesn't have read (r) permissions for the same user:group or if the ownership doesn't include the user/group of the web server, then try the following for allowing group reads
# Modify ownership, change 'www_host' to Apache2 group
chown ${USER}:www_host /var/www/host_one/index.html
# give read+write (6) to user and read (4) to group owners
chmod 640 /var/www/host_one/index.html
Try refreshing the website and see if permissions where the issue. Note most web documents only require read permissions and ownership to be correct for browsers to be allowed to pick them up for rendering, on rare occasions you may need executable (1 or x) permissions for server scripts (be cautious of ownership in such cases) and last write permissions (2 or w) should likely never be seen without good reasons on files within your web root.
Second thing to try, use the index.html within your browsers URL bar
# by IP
http://192.168.0.100/index.html
# by domain
http://site-name.local/index.html
If the above loaded your document then, like #Pekka 웃 stated already, you've likely got a server option that's missing or enabling directory listings instead of looking for a index page within that directory. If this is the problem then there's two ways of fixing it that I've tried in the past. One, htaccess configuration to disable directory listing within that sub-directory, two, server vhost configuration to prevent whole site from directory listings. Personally I prefer to use option two and then on directories that should be allowed to be listed place an htaccess config for permissions instead of denials.
Related
I have a website that can have images in varying directories. I'm
running Linux and some of the images can be in /tmp/ while others in a directory that isn't within the codebase's one. So for example, I have:
/tmp/
/home/work/codebase/htmlfiles
/home/stuff/stuff/images
The code I'm using to try and access these directories is this:
<img src="' + path + image + '">;
Where path is the directory and image is the filename. Path does end
with /. Currently it will just give 404 errors even when I have
confirmed that there is such a file in that directory.
Am I missing something? Does HTML not allow you to navigate from the
root directory?
Your web server presents the files based from a web root directory.
So if your website is in /home/stuff/stuff the webserver does the following translation:
/index.html -> /home/stuff/stuff/index.html
/images/image1.png -> /home/stuff/stuff/image1.png
/tmp/ -> /home/stuff/stuff/tmp/
To do otherwise would be a massive security risk, allowing any online user to pull arbitrary files from your system.
There are a few possible solutions to this, what is best will depend on your situation.
You can map web paths to different paths on thy system
http://httpd.apache.org/docs/2.0/mod/mod_alias.html#alias
You can symlink the directories holding your images into the webroot. Ensure that you allow the webserver to follow symlinks.
https://superuser.com/questions/244245/how-do-i-get-apache-to-follow-symlinks
You can also hard link the files to exist in the webroot, you can use a serverside scripting language, or simply move the files.
I have http://192.168.230.237:20080 Server
file located on "/etc/Jay/log/jay.txt"
I tried with "http://192.168.230.237:20080/etc/Jay/log/jay.txt" this link gives me "404 NOT Found"
Here I can I link my file to link
Your HTTP server will have a configuration option somewhere (Apache HTTPD calls it DocumentRoot) which determines where http://example.com/ maps onto the filesystem of the computer.
Commonly this will be /var/www/.
Unless you change it to / (which would expose your entire filesystem over HTTP and is very much not recommended), you can't access arbitrary files on the computer.
/etc/ is used to store configuration information for software installed on the computer. It should almost never be exposed outside the computer.
The best solution to your problem is probably:
Look at the configuration of your HTTP server and identify the document root (e.g. /var/www/)
Move your website files to that directory
If you really want to expose files under /etc via HTTP then you could also change the document root.
Your webserver might also support features like Apache HTTPD's Alias directive which allows you to map a URL onto a file that can be outside the DocumentRoot.
I am tinkering around with webpages on a LAMP server running Apache2 and was wondering if it was possible to make a directory accessible only to your web pages and not from outside?
Example scenario:
Directory to protect: dir1 containing images (jpg, png)
My own webpage: mypage.html that calls images from dir1
My website: www.myweb.com that contains both dir1 and mypage.html
Currently, files inside the website can be accessed via www.myweb.com/dir1/somefile.jpg or by calling mypage.html
I would like it to only be accessible by calling mypage.html
I have tried the following:
modifying .htaccess to disallow access of image types
<files "*.jpg">
deny from all
</files>
(doesn't work because mypage.html cannot access it either)
Modify apache2 conf file with:
<Directory /var/www/dir1>
AllowOverride None
<Limit GET POST OPTIONS>
Order deny,allow
Deny from all
</Limit>
</Directory>
(this actually semi-worked as it allowed me to write to directory but not read, maybe this can be modified to allow requests coming from internal web pages to go through?)
I guess to conclude, is there a way to get Apache2 to ONLY accept requests to access a directory if it is of a certain url of your choosing?
Thanks in advance.
So, I've decided that the approaches I've taken so far really don't cut it and found you could actually call a php function where
<img src='somefile.php?query=xxx' alt='pic'>
and where in the somefile.php I have that takes in img file name created from the query above.
echo file_get_contents($imgresource);
By serving the image from a php script and blocking this php script from being called without proper credentials, sessions, cookies and IP blocking, there is some security set.
So I guess it doesn't really answer the question in its entirety of blocking access only to some URLs but it works for the purpose of not being able to be accessed externally since I have buried the directory below (or above?) the web root directory where it can't be called from a url and only from internal script.
I've been following the Fortrabbit's guide to install phpMyAdmin.
I've managed to put the folder in my htdocs, but from what I read I must actually upload it into the app root below htdocs. Problem is the app root has write protection and I can't seem to change permissions via SFTP.
Any solutions?
Edit
Solved. I had my Root Path under settings set to htdocs/public, so I couldn't hit the phpMyAdmin folder. Setting the Root Path back to htdocs/ enabled me to access it like normal.
Where did you read it must go to the app root? I don't see that in the tutorial, but admit I may have missed it. Also, I'm not clear what you mean by "app root".
Note that in this case, there are three different 'root' folders, be careful not to get confused.
The file system root, /. All the files on your server live here. Depending how fortrabbit configures their system, you may not even have access to this.
The web folder root. Files in this folder and below are available online through your webserver.
The SFTP root. This also depends on how fortrabbit configures their server, it could be your web root, the file system root, or your home directory. You may be able to change to other folders, or maybe not.
Normally, htdocs is the root or base folder where your webserver is looking for files to serve. It isn't clear from my browsing the fortrabbit site if they do anything odd with their configuration, so this is a close approximation for what most servers look like. For the sake of illustration, we'll pretend that htdocs is in /var but it can be anywhere on disk.
So the file system might look a bit like:
/
/bin/
/etc/
/home/MichaelHanslo/
/home/MichaelHanslo/budget_presentation.odf
/var/
/var/htdocs/
/var/htdocs/index.html
/var/htdocs/pma/
/var/htdocs/calendar/
/var/htdocs/calendar/modify.php
/var/logs/
So in that scenario, going to http://example.com/ loads the file /var/htdocs/index.html, going to http://example.com/calendar/modify.php loads /var/htdocs/calendar/modify.php. So in most cases, you want to create a folder under htdocs for phpMyAdmin; you can call it anything you want (in my example above, I used 'pma'). Anyway, if you don't have permission to create the folder under your web root, then you should definitely ask your host for help, because something isn't right.
Hope that helps clear it up for you.
I have installed XAMPP on OSX Lion.
Because I want to serve a folder from one of my development folders I have added a virtualhost to /Applications/XAMPP/xamppfiles/etc/extra/httpd-vhosts.conf
<VirtualHost *:80>
ServerAdmin email#gmail.com
DocumentRoot "/Users/myosxUsername/Documents/dir/dir/htdocs"
ServerName qmh
ErrorLog "logs/qmh-error_log"
CustomLog "logs/qmh-access_log" common
</VirtualHost>
and also added an entry to the hosts file
127.0.0.1 qmh
Because of permission issue with the server accessing the directory /Users/myosxUsername/Documents/dir/dir/htdocs I have also changed the user in httpd.conf to my myosxUsername
User myosxusername
Group admin
# previous setting below
# User nobody
# Group nobody
After those changes virtual hosts work fine.
The problem is that when i now use phpmyadmin to create a new database i get the error message
db_create.php: Missing parameter: new_db
if I change the user back to:
User nobody
Group nobody
then phpmyadmin works fine, but my virtualhost directory cannot be accessed due to permission issue.
I assume I somehow have to tell apache to not use the new user for mysql access somehow? Your help is appreciated. Thanks
See item 2.8 from phpMyAdmin FAQ (http://wiki.phpmyadmin.net/pma/FAQ_2.8)
In the php.ini directive session.save_path and upload_tmp_dir, if these directories don't exist, are read-only or not accessable (f.e.
due to base_dir restrictions) this error will occur. See trk
PHP installed from a packages (eg. an rpm) might set the permissions on these directories for an assumed user (eg. 'apache'). -
Users of other web servers, eg Lighttpd, may need to change the
ownership of these directories (eg. to 'lighttpd').
On Windows, if PHP is using directories for session.save_path and upload_tmp_dir that are somewhere within the main "Temp"
directory, you must create those directories yourself; unlike other
Windows programs PHP will not create them itself.
If you are using Hardened-PHP (/suhosin patch) with the ini directive varfilter.max_request_variables set to the default (200) or
another low value, you could get this error if your table has a high
number of columns. Adjust this setting accordingly ( request limits,
thanks to Klaus Dorninger for the hint).
In config.inc.php, try to leave the $cfg['PmaAbsoluteUri'] directive empty. See also FAQ 4.7.
Maybe you have a broken PHP installation or you need to upgrade your Zend Optimizer. See http://bugs.php.net/31134.
In the php.ini directive arg_separator.input, a value of ";" will cause this error. Replace it with "&;".
(tip from https://serverfault.com/questions/385465/phpmyadmin-missing-parameter)