I am tinkering around with webpages on a LAMP server running Apache2 and was wondering if it was possible to make a directory accessible only to your web pages and not from outside?
Example scenario:
Directory to protect: dir1 containing images (jpg, png)
My own webpage: mypage.html that calls images from dir1
My website: www.myweb.com that contains both dir1 and mypage.html
Currently, files inside the website can be accessed via www.myweb.com/dir1/somefile.jpg or by calling mypage.html
I would like it to only be accessible by calling mypage.html
I have tried the following:
modifying .htaccess to disallow access of image types
<files "*.jpg">
deny from all
</files>
(doesn't work because mypage.html cannot access it either)
Modify apache2 conf file with:
<Directory /var/www/dir1>
AllowOverride None
<Limit GET POST OPTIONS>
Order deny,allow
Deny from all
</Limit>
</Directory>
(this actually semi-worked as it allowed me to write to directory but not read, maybe this can be modified to allow requests coming from internal web pages to go through?)
I guess to conclude, is there a way to get Apache2 to ONLY accept requests to access a directory if it is of a certain url of your choosing?
Thanks in advance.
So, I've decided that the approaches I've taken so far really don't cut it and found you could actually call a php function where
<img src='somefile.php?query=xxx' alt='pic'>
and where in the somefile.php I have that takes in img file name created from the query above.
echo file_get_contents($imgresource);
By serving the image from a php script and blocking this php script from being called without proper credentials, sessions, cookies and IP blocking, there is some security set.
So I guess it doesn't really answer the question in its entirety of blocking access only to some URLs but it works for the purpose of not being able to be accessed externally since I have buried the directory below (or above?) the web root directory where it can't be called from a url and only from internal script.
Related
I have an index.html file in my Apache DocumentRoot directory but when I go to my URL, I am still getting a directory listing of my DocumentRoot directory instead of the index.html file being displayed. The apache access_log shows 200's when I reload the page. Any suggestions?
Use
DirectoryIndex index.html
It tells apache what document to show for a directory request.
update
You should specify just the filename that apache will look for in the folder requested.
Not saying this will fix it for you, but for me when first getting started with Apache2 it was file permissions that would get forgotten when moving or writing new file under the web root directory
ls -hal /var/www/host_one/index.html
If above doesn't have read (r) permissions for the same user:group or if the ownership doesn't include the user/group of the web server, then try the following for allowing group reads
# Modify ownership, change 'www_host' to Apache2 group
chown ${USER}:www_host /var/www/host_one/index.html
# give read+write (6) to user and read (4) to group owners
chmod 640 /var/www/host_one/index.html
Try refreshing the website and see if permissions where the issue. Note most web documents only require read permissions and ownership to be correct for browsers to be allowed to pick them up for rendering, on rare occasions you may need executable (1 or x) permissions for server scripts (be cautious of ownership in such cases) and last write permissions (2 or w) should likely never be seen without good reasons on files within your web root.
Second thing to try, use the index.html within your browsers URL bar
# by IP
http://192.168.0.100/index.html
# by domain
http://site-name.local/index.html
If the above loaded your document then, like #Pekka 웃 stated already, you've likely got a server option that's missing or enabling directory listings instead of looking for a index page within that directory. If this is the problem then there's two ways of fixing it that I've tried in the past. One, htaccess configuration to disable directory listing within that sub-directory, two, server vhost configuration to prevent whole site from directory listings. Personally I prefer to use option two and then on directories that should be allowed to be listed place an htaccess config for permissions instead of denials.
I have a situation to which I cannot seem to have a fix for !
The thing is I'm hosting a website on localhost (LAMP).
The website is created using Joomla Framework. The home page loads successfully when I navigate to the website on the localhost.
As soon as I click on any navigation links, a 404 error is displayed.
eg. homepage URL -
http://localhost/PortalSources/
Nav link -
http://localhost/PortalSources/tools/safety-assessment-tool.html
As soon as I manually add 'index.php' to the nav link
http://localhost/PortalSources/index.php/tools/safety-assessment-tool.html
the link starts to work and page loads successfully.
What could possibly cause this behavior ? How do I fix it so that I don't have to manually type in for every page on the website ?
You can probably find your answer here: https://docs.joomla.org/Enabling_Search_Engine_Friendly_(SEF)_URLs
Verify .htaccess is Enabled
Check that your Apache config file allows .htaccess overrides. You must make sure overrides are enabled or the .htaccess file in your Joomla! root directory will be ignored or cause an error. In the section of your virtual host configuration file or in the main (httpd.conf) configuration file you must have something similar to the example below enabling overrides:
<Directory "/home/user/public_html">
AllowOverride All
</Directory>
<Directory "/path/to/htdocs">
AllowOverride All Options=[an option],[an option],...
</Directory>
There are other ways to test if .htaccess is enabled if you do not have access to your site's configuration files. Please refer to the .htaccess tutorial found on The Apache Software Foundation website for additional information.
Step by Step
These are step-by-step instructions. Please follow them in the order they are presented here. If a step fails, do not continue until you have solved the problem.
Rename the file "htaccess.txt" in your Joomla!'s base folder to ".htaccess".
This step may not be necessary. Open .htaccess in a text editor. Uncomment RewriteBase / (remove the first character, #). If Joomla is installed in its own folder, the enter the Joomla folder name after the backslash. e.g. RewriteBase /yourjoomlafolder.
Log on to your Back-end and open the Global Configuration.
Enable the Use Apache mod_rewrite/URL rewriting option and Save. This option uses the Apache mod_rewrite function to eliminate the "index.php" portion of the URL.
Check if your site works correctly. Your URLs should now look like:
http://www.example.com/the-news/1-latest-news/1-welcome-to-joomla
If this option causes errors, please see How to check if mod rewrite is enabled on your server.
If it is not enabled and you have access to the file apache/conf/httpd.conf, open that file and check if the line LoadModule rewrite_module modules/mod_rewrite.so is uncommented. If necessary, uncomment the line and restart the Apache web server.
If mod_rewrite cannot be enabled, leave this option off. It does not matter if you leave the .htaccess file renamed.
If you think this necessary, enable Add suffix to URLs and Save. This option adds .html to the end of URLs. There are different opinions on whether this is necessary or even useful. Search engines do not seem to care if your URLs end in .html or not.
Open the Plugin Manager and enable the System - SEF plugin. This plugin adds SEF support to links in your Joomla articles. It operates directly on the HTML and does not require a special tag.
The site I'm working on is hosted on GoDaddy's shared servers. I need to increase the limit on the Apache directive LimitRequestBody. I've tried adding the following to .htaccess:
LimitRequestBody 20250000
But that doesn't have any effect. I've called GoDaddy support several times, and nobody there seems to know how to help.
Any ideas?
Make sure your .htaccess file is affecting the correct directory - the one where the script you want to limit lives. To affect only that directory, put your .htaccess file in the root directory(above your script) and wrap your directive with
<Directory "/var/www/path/to/script">
LimitRequestBody 20250000
</Directory>
After you change the .htaccess file, you need to run
# service httpd reload
I hope this helps.
I don't have a static IP address so a person recommended that I use no-ip.com
I did and now my website is accessible from external internet yay
The problem now is that my photos aren't showing, I thought this would have been a simple issue
I'm not sure if I have to do something with Virtual Host or...
My domain name is greenace92.ddns.net
I can access my index.html file, that shows up fine but the photos aren't showing
On my httpd.conf file I have
ServerRoot "/usr/local/apache2"
The html files are in htdocs under apache2
So, on virtual host that httpd-vhosts.conf file I have the following
ServerAdmin "jacobcun#ricekidengineer.com"
DocumentRoot "/usr/local/apache2/"
ServerName "www.greenace92.ddns.net"
*ricekidengineer.com is my other domain with email configured
I didn't change the error logs from stuck "dummy" stuff
So on my html file for image href's I have
http://www.greenace92.ddns.net/htdocs/images/normalbus-icon-on.png
I assume that www.greenace92.ddns.net is /usr/local/apache2
So I'm just continuing the directory location
Is that correct? What is wrong?
Yeah I don't understand, I even tried three different directories for a few photos, trying directly in apache2, then htdocs, then the images folder
What am I not seeing?
You will have to decide what your want as the domain for your site:
www.greenace92.ddns.net is not setup for your web site
greenace92.ddns.net is the domain setup for your web site.
You either have to
configure no-ip.com to point to the domain www.greenace92.ddns.net
(or)
change your apache ServerName directive to
ServerName "greenace92.ddns.net"
and change the image URLs in your HTML pages from something like
http://www.greenace92.ddns.net/htdocs/images/normalbus-icon-on.png
to
http://greenace92.ddns.net/images/normalbus-icon-on.png
Note: With your current configuration, the 2nd URL mentioned above should already work (It worked when I tested!).
I have a public html folder with my html pages and CGI script written in c. Within that, I have my cgi-bin folder with my GCI executable. However when I try to access my cgi page in my browser, it gives me the forbidden error. I'm using firefox and a linux system. I've looked around for the correct permissions but resources often advise different combinations. Any help is appreciated!
With a FTP client, or with console, check the rights to execute for the file. The apache process sould be able to execute it.
If this is right, and it still not work, then you have to properly configure the server.
As per your design ( 8 years ago on 2021), you did not provide permission for your cgi directory in the web server (possibly APACHE) configuration file.
Example in *nix:
Lets say your cgi-bin directory is actually is in /usr/home/your-name/cgi-bin
Then you have to add this to your that domains cgi section of your servers (ie Apache 2.4++) configuration file.
ScriptAlias /cgi-bin/ "/usr/local/www/ceo/cgi-bin/"
<Directory "/usr/local/www/ceo/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
And of course don't forget to turn on CGI module ( remove the #).