Background:
I've installed apache2 and have tried set up virtual directories... but when I try to test the different sites, I keep getting 404 error messages.
The article /tutorial I've been following is located at:
https://www.digitalocean.com/community/tutorials/how-to-configure-the-apache-web-server-on-an-ubuntu-or-debian-vps
I have the following folder structure in place:
/var/www/webtest.com/test.html
/var/www/ttimes.com/test.php
In the /etc/apache2/sites-available folder, I have the following configuration files:
jmj#cp-AOA150:/etc/apache2/sites-available$ ls -lah /var/www/
total 44K
drwxr-xr-x 9 root root 4.0K Jul 28 21:37 .
drwxr-xr-x 15 root root 4.0K Jul 28 19:54 ..
drwxr-xr-x 2 root root 4.0K May 11 2013 current
drwxr-xr-x 2 root root 4.0K Apr 3 08:21 html
-rwxr-xr-x 1 root root 177 Nov 23 2013 index.html
-rwxr-xr-x 1 root root 124 Jul 28 20:14 test.php
drwxr-xr-x 5 jmj root 4.0K Jun 6 11:58 ttimes.com
drwxr-xr-x 2 jmj root 4.0K Jul 28 21:21 webtest.com
Here's what the webtest.com.conf file looks like:
<VirtualHost *:80>
ServerAdmin admin#webtest.com
ServerName webtest.com
ServerAlias www.webtest.com
DocumentRoot /var/www/webtest.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Here's what my hosts file looks like:
127.0.0.1 localhost
127.0.1.1 cp-AOA150
This is all just on a local dev box where I want to have multiple sites located under /var/www. Once the site is developed, I'm going to move them to my hosting company.
I currently don't have other IP addresses to add, so I skipped the step of adding VPS server IPs.
I am able to successfully run the
sudo a2ensite webtest.com.conf
command and I restart apache.
But when I go to my site by typing http://localhost/webtest.com/test.html, I get a 404 not found error.
What I've tried so far:
- I've reviewed the article to make sure I didn't miss any steps.
- proved that apache itself is working by going to http://localhost. When I do that, I get a page that reads:
Index of /
[ICO] Name Last modified Size Description
Apache/2.4.7 (Ubuntu) Server at localhost Port 80
Then I stop the apache service and try the same URL. It fails.
You might have to edit /etc/apache2/apache2.conf
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
and change it to;
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
then,
sudo service apache2 restart
You may need to also do sudo a2enmod rewrite to enable module rewrite.”
You have it setup as a virtual host pointing to webtest.com but you're trying to access it through localhost/. With a VirtualHost it doesn't exist in that path.
The easiest way is to edit your /etc/hosts file to make a local DNS entry for webtest.com. Add a line to that file like this:
127.0.0.1 webtest.com
Then point your browser to webtest.com and you should see your site.
Related
Could I ask for some help with PHP and permissions on Linux. I'm trying to move log files from /var/www/html/log to /home/user/log and then created symbolic link to it. I have used command
ln -s /home/user/log/ log
to create the link and made sure to give permissions 755 (even 777) to both link and folder /home/user/log, as well as owner set to apache:apache on both. But I get permission denied all the time even if I try to just list the files over the symlink. Tried adding to httpd.conf below:
<Directory "/var/www">
Options Indexes FollowSymLinks
AllowOverride None
# Allow open access:
Require all granted
</Directory>
<Directory "/home/user/log">
Options Indexes FollowSymLinks
AllowOverride None
# Allow open access:
Require all granted
</Directory>
New folder location permissions
drwxrwxrwx. 3 apache apache 4.0K Feb 15 11:19 log
Symlink permissions
lrwxrwxrwx. 1 apache apache 17 Feb 15 12:57 log -> /home/user/log/
Error from php in chrome browser
Warning: scandir(/var/www/html/log): failed to open dir: Permission denied in /var/www/html/test.php on line 2
test.php code
<?php
$files = scandir('/var/www/html/log');
echo '<pre>';
print_r($files);
echo '</pre>';
?>
Output of ls -ld /home/user /home/user/log
drwxrwxrwx. 28 user user 4096 Feb 15 11:18 /home/user
drwxrwxrwx. 3 apache apache 4096 Feb 15 12:57 /home/user/log
What am I missing??
Thank you
it is my first question here.
I get 403 - Forbidden for every php file. Tried with index.php and other names like test.php. Tried different subfolders and in /var/www/html directly.
Raspberry Pi 2 Model B Rev 1.1
Server version: Apache/2.4.10 (Raspbian)
Server built: Jul 18 2017 22:21:17
All updates installed. Have owncloud, pihole, mysql installed. It worked fine and after a restart it stopped working and more restarts don't fix it. Had to fix some network issues with 'no route to host' and a new external HDD.
I set permissions with
sudo find /var/www -type d -exec chmod 755 {} +
sudo find /var/www -type f -exec chmod 644 {} +
so folders are 755 and files are 644. Owner is also www-data:www-data everywhere in /var/www
so th structure to my index.php example would be
drwxr-xr-x 12 root root 4096 May 4 05:01 var
drwxr-xr-x 4 root root 4096 Jul 25 20:47 www
drwxr-xr-x 6 www-data www-data 4096 Jul 25 19:52 html
-rw-r--r-- 1 www-data www-data 29 Jul 24 20:08 index.php
also tried chmod 777 on index.php but still 403 error.
index.php:
<?php echo "hello world"; ?>
or
<?php phpinfo(); ?>
both don't work. No .htaccess files used.
part of apache2.conf:
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/html>
Order allow,deny
Allow from all
Require all granted
</Directory>
added the last Directory in an attempt to fix it.
So what is causing the error?
So I decided to purge everything and all configs plus folders. After reinstalling i realized it migth just be
drwxr-xr-x 4 root root 4096 Jul 25 20:47 www
needed also to be
drwxr-xr-x 4 www-data www-data 4096 Jul 25 20:47 www
owned by www-data www-data
Because now it is. But what i don't understand is how can index.html work in this folders and php does not.
I'm having some issues with permissions when it comes to symbolic links on my apache2 webserver. I originally had a data/ in /var/www , but was it getting too large for the directory and I kept getting a partition full warning. I'd like to move the data/ folder to /home/processor/Documents/sandbox/www_data/
I moved all the data to www_data and created a symbolic link in /var/www
ln -s /home/processor/Documents/sandbox/www_data data
Checking the link:
:/var/www$ ls -l data
lrwxrwxrwx 1 processor processor 43 Mar 16 17:03 data -> /home/processor/Documents/sandbox/www_data/
An example of the data shows that all permissions seem reasonable to me:
:/var/www$ ls -l data/2/15/2015/8/25/10/54/wf/2_15_2015_8_25_10_54_11*
-rwxrwxrwx 1 processor processor 475643 Mar 16 16:58 data/2/15/2015/8/25/10/54/wf/2_15_2015_8_25_10_54_11.png
-rwxrwxrwx 1 processor processor 53539 Mar 16 16:58 data/2/15/2015/8/25/10/54/wf/2_15_2015_8_25_10_54_11_thumb.png
This is whats in between the <VirtualHost *:80> </VirtualHost> in my /etc/apache2/sites-available/000-default.conf:
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options FollowSymLinks Indexes MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
But when trying too access it from the site I get "Forbidden You don't have permission to access /data/2/15/2015/8/25/9/46/wf/2_15_2015_8_25_9_46_28.png on this server."
I've read through a bunch of threads and have chown www-data:www-data, I've chmod -R 777 everything, and changed my 000-default.conf to numerous varieties of the same thing, but nothing is working. I don't know where to go from here.
Any suggestions would be greatly appreciated.
Thanks
It has to do with the permissions of /home/processor. The entire path needs a certain degree of privileges and the home directory did not have them. The only thing that needed to be done was to allow access to read and execute
sudo chmod 755 /home/processor/
I'm configuring a multidomain web server using Apache virtual hosts and suEXEC (Centos 6.5, Apache 2.2.5 and PHP 5.3.3).
I want to prevent PHP to access folders/files above the website directory. I will explain step by step what are my settings and at last what's the problem.
This is the folder structure that I'm using:
/var/www/domain.com/public_html/
Inside /var/www/ I've got this:
drwxr-xr-x 2 root root 4.0K Aug 13 13:30 cgi-bin/
drwxrwxr-x 4 apache apache 4.0K Jan 28 09:16 site1.com/
drwxrwxr-x 4 apache apache 4.0K Jan 28 08:44 site2.com/
drwxr-xr-x 4 apache apache 4.0K Jan 30 11:08 site3.com/
and inside /var/www/site1.com/:
drwxr-xr-x 2 apache apache 4.0K Jan 30 10:16 logs/
drwxr-xr-x 3 user1 user1 4.0K Jan 30 11:08 public_html/
The virtual host definition for site1.com inside httpd.conf is:
<VirtualHost *:80>
ServerAdmin info#site1.com
DocumentRoot /var/www/site1.com/public_html
ServerName www.site1.com
ServerAlias site1.com
ErrorLog /var/www/site1.com/logs/error_log
CustomLog /var/www/site1.com/logs/access_log common
php_flag log_errors on
php_flag display_errors on
php_value error_log /var/www/site1.com/logs/php_errors.log
<Directory "/var/www/site1.com/public_html">
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
SuexecUserGroup user1 user1
AddHandler application/x-httpd-php .php
Action application/x-httpd-php /cgi-bin/php-cgi
ScriptAlias /cgi-bin/ /var/www/site1.com/public_html/cgi-bin/
<Directory "/var/www/site1.com/public_html/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
But, I wrote and executed this php script (www.site1.com/test.php)
<?php
system("id");
print "<pre>";
system("ls /var/www");
print "</pre>";
?>
and I get:
uid=503(user1) gid=503(user1) groups=503(user1)
site1.com
site2.com
site3.com
That means that PHP can access any folder in my server (including /etc /var /usr, etc)
I'd like to prevent Apache/PHP to access all folders above /var/www/site1.com
How should I configure Apache?
I've done an extensive google research about this issue, but I couldn't find the solution.
Thanks a lot.
Running on production, you should really be using something like:
disable_functions=exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
in your php.ini file. Allowing things like system or exec represents a real security flaw.
You also want to use something like:
php_admin_value open_basedir /var/www/site1.com/
In your Apache vHost conf, to prevent PHP from overstepping its desired boundaries...
As it stands, I could upload a PHP file as user1 to /var/www/site1.com/public_html/attacker.php, that contains:
<?php
chmod("/var/www/site2.com", 777);
?>
Then, open up my browser and navigate to http://site1.com/attacker.php. Apache would pass this off to PHP quite happily, run it, and as Apache owns /var/www/site2.com is quite capable of changing the permissions.
Bam!
user1 can now access /var/www/site2.com/, as well as anyone else with a user account on that machine. It could then hijack the site, creating new files to host bitcoin mining operations, sell Viagra, etc., etc.
Note: Even if you trust your users not to do anything malicious, there's no guarantee that a third party can't gain access to their account and do something like this. Best way to deal with it is to contain a compromised account, so it can't do too much damage to the system at large.
For more info, check out:
http://php.net/manual/en/ini.core.php#ini.open-basedir
https://www.cyberciti.biz/faq/linux-unix-apache-lighttpd-phpini-disable-functions/
I have Ubuntu 11.10 with Lamp installed
There is some files that i can't access to from my web directory "/var/www"
http://localhost/banner/banner.html
I am getting an error :
Forbidden You don't have permission to access /banner/banner.html on this server.
Apache/2.2.20 (Ubuntu) Server at localhost Port 80
I can access /var/www/index.php normally as i can browse /var/www/banner normally too from my browser
This is a small peace of :
a1a4a#A1A4a:~$ ls -l /var/www
total 7088
-rwxrwxrwx 1 root root 916 2011-11-25 20:49 access-controlled.php
-rw-r--r-- 1 root root 22163 2011-12-16 22:28 account_info.php
-rw-r--r-- 1 root root 22126 2011-12-16 22:27 account_info.php~
-rw-r--r-- 1 root root 16585 2011-12-16 21:32 acount_info.php
-rw-r--r-- 1 root root 0 2011-12-16 21:28 acount_info.php~
drwxrwxrwx 5 root root 4096 2011-12-09 23:03 banner
drwxrwxrwx 2 root root 4096 2011-12-09 23:03 css
And
a1a4a#A1A4a:~$ ls -l /var/www/banner
total 20
-rw--w---- 1 root root 2564 2011-11-25 20:51 banner.html
drwx-w---- 4 root root 4096 2011-12-09 23:03 examples
drwx-w---- 2 root root 4096 2011-12-09 23:03 lib
drwx-w---- 4 root root 4096 2011-12-09 23:03 skins
-rw--w---- 1 root root 1431 2011-11-25 20:51 style.css
This is my config :
<VirtualHost *:80>
ServerAdmin webmaster#localhost
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>
My "nano /etc/apache2/apache2.conf" is set as default ...
How can i make all my /var/www files (folders and sub-folders and files ) accessible from my browser as if i was on a windows machine using Wamp ...
P.S: I will host the website on a Windows machine i am using ubuntu just for coding.
the user running the apache deamon, on ubuntu thats www-data (like in most debian based systems), needs at least read permissions for the files.
But as you posted only owner root and group root has read rights.
Actually owner root has rw group root has r.
So the user actually running the webserver (www-data) falls to the others permissions, which have none.
Either do a chmod -R o+r /var/www/banner/* or a chown -R www-data /var/www/banner to fix that.
I always forget that while the sub-directories and files need the read permission, the sub-directories also need execute permission.
chmod a+x banner
This tends to come up when I've saved a web page in the 'Webpage, Complete' format with Chrome or Firefox and am then trying to serve it under localhost, which I often do when building mockups for clients.
May be it is an issue with your banner.html permissions - apache`s user has no permissions even to read it.