I have a PHP system inside a server which is not yet uploaded in the internet and can only be accessed using networking. (E.g. 192.168.1.190/php_system/index.php) How can I fix the URL of this to avoid other computers to accessing files inside the php_system folder? And how can avoid them to accessing file using CTRL + Left Click or opening files inside iframe using another window?
Edit your Apache Virtual host to allow access only from certain IPs. Something like this:
<VirtualHost *:80>
ServerName EDIT.THIS.com
ServerAlias EDIT.THIS.IF.YOU.HAVE.ONE.com
DocumentRoot "/full/path/to/root"
<Directory /full/path/to/root>
Options FollowSymLinks
Order Allow,Deny
Allow from 192.168.0.1 EDIT.TO.ANOTHER.IP AND.ANOTHER
</Directory>
</VirtualHost>
Alternatively, add a "auth" value (that will require a login and password) like this:
<Directory /full/path/to/root>
AuthType Basic
AuthName "Admin"
// NOTE: do not include this in your website folder
AuthUserFile /path/to/.passwd_file
Require user user1 user2
</Directory>
Edit: Corrected the Order values.
Try http://httpd.apache.org/docs/trunk/platform/windows.html. this will show you directives on how to configure your Apache server on windows.
In the directory you want to protect, add a file called .htaccess (the period matters)
In this file, put the following three lines (EDITED based on Sven's inputs)
order deny,allow
allow from 127.0.0.1
deny from all
Now it should be impossible for anyone but you (logged in on the machine where Apache is running) from seeing the contents. Any file sharing that is active has to be turned off separately. Alternatively, you add a line that includes the IP address of the machine from which you want to access the server instead of 127.0.0.1 - you can even have multiple lines of allowed addresses, include ranges, ...
You will find a ton more information at http://httpd.apache.org/docs/2.4/mod/mod_access_compat.html#order
Related
OS: Microsoft Windows Server
web server: Apache
front-end framework: Vue.js
back-end framework: Laravel
I set when path is "example.com", I can see my Vue.js page; When path is "example.com:9999", I can see my Laravel project.
I want access to "example.com" from any IP and "example.com:9999" just can access from this website, how to do that?
This is my httpd-vhost.conf.
<VirtualHost *:80>
DocumentRoot "C:\Apache24\htdocs\index"
ServerName example.com
<Directory "C:\Apache24\htdocs\index">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:9999>
DocumentRoot "C:\Apache24\htdocs\Laravel_project_name\public"
ServerName example.com
<Directory "C:\Apache24\htdocs\Laravel_project_name\public">
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
My final goal is I don't want anyone know what framework I'm using. and prohibit anyone can see my laravel index.php and other file in laravel_project_name/public.
Look at the documentation for VirtualHost:
<VirtualHost addr[:port] [addr[:port]] ...> ... </VirtualHost>
Addr can be any of the following, optionally followed by a colon and a
port number (or *):
The IP address of the virtual host;
A fully qualified domain name for the IP address of the virtual host (not recommended);
The character *, which acts as a wildcard and matches any IP address.
The string default, which is an alias for *
If you only want it accessible from localhost, then replace * with the localhost IP address.
That said, your goal is a bit unclear.
The above will stop a client running on a different computer from accessing on that virtual host.
There's no way to allow users of the Vue application to access that VirtualHost without letting people bypass the Vue application and access it directly. They will still be making an HTTP request to your server and there's no way to tell if it was initiated by your code built into your Vue application or someone else's code (or manually constructed request).
I use wamp. My PC is in a Lan. everybody in the Lan can see my localhost and I don't want that.
I want to limit people on Lan to just be able to see localhost/site/ but now everybody can see localhost and every files and folder that are in localhost.
How can I solve this?
I edit httpd.conf and change "deny from all" to "deny from none"
Knowing the IP address is the main goal here, of course you can deny from specific folder by opening .htaccess file:
<Directory specific_folder/>
Options FollowSymLinks
AllowOverride None
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from 192.168.0(Replace this IP to allow access)
</Directory>
Let me know if this works for you
Localhost is actually your loopback address which resolves to 127.0.0.1 and this is only accessible from your PC. I think what your trying to ask is to allow IP's from your subnet to access certain directories but not others. If thats the case then to do this you will need to edit your httpd.conf and find the <Directory> section. The below example shows you how to enabled access from any PC with an IP from 192.168.1.0/24 (1-254) and localhost (127.0.0.1) to the following path /var/www/sub/folder/ then deny all.
<Directory /var/www/sub/folder/>
Order allow,deny
Allow from 192.168.1.0/24
Allow from 127
</Directory>
As you can see it firstly allows all from the the config and then deny's everything else. If you wanted access for just your local PC then you would do something like this:
<Directory /var/www/sub/folder/>
Order allow,deny
Allow from 127
</Directory>
This will only allow 127.0.0.1 (Localhost) to access the folder.
You can add multiple Directory settings within the httpd.conf for specific folders, just make sure you restart Apache for the changes to apply.
I'm not sure what your problem is, but localhost is only available from your own computer. (localhost resolves 127.0.0.1)
In order to display the webpages to other users on your LAN network you can use your LAN IP or a service like xip.io
Is it a way to start a Laravel project in another folder? For example:
instead of C:/xampp/htdocs
to D:/projects/web/project1
So after I download Laravel with composer to my D:/projects/web/project1 folder I want to reach it as: http://project1.local in my browser.
I added 127.0.0.1 project1.local to my hosts but it only opens xampp in the browser.
Suggestions, ideas?
You need to indicate to xampp that your site will be sited outside the documentroot folder (where all the sites in your server are located).
In your httpd.conf file add these lines, which will allow to you to access the site via http://localhost/laravel.project:
Alias /laravel.project "D:/projects/web/project1/public"
<Directory "D:/projects/web/project1/public">
Options FollowSymlinks
AllowOverride none
Require all granted
</Directory>
If you want to get access directly, via a uri like http://laravel.project, you must create a VirtualHost.
I have multiple websites in folders that I need to switch back and forth too constantly. Each time I have to go to the httpd.conf file to find them and change DocumentRoot and Directory lines. I was wondering if there is a faster way to do this, maybe with a cmd prompt? Or maybe a php inc file I can create.
Thanks.
You would be much better off setting all your sites up as Virtual Hosts. They are always available and you dont have to change anything other than the url to access each individually.
HowTo: Create Virtual Hosts in WAMP
BEFORE DOING ANY OF THIS PLEASE ENSURE APACHE AND MYSQL ARE WORKING PROPERLY FIRST!!!
Create a new folder outside the wamp directory structure. For example
C:\websites\www
but this can be on any disk drive visible to the PC running wamp
Create a subfolder in c:\websites for each site you want to create. for example:
C:\websites\www\site1
C:\websites\www\site2
Edit the file C:\wamp\bin\apache\apachex.y.z\conf\extra\httpd-vhosts.conf where x,y and z are the version numbers of apache that you actually have installed.
NOTE: If you are switching between 2 or more versions of apache this will have to be done to all your versions of apache in turn.
SUGGESTION: I like to use the format sitename.dev to make it obvious to me that I am dealing with my localhost development copy of a site, you may prefer another notation, thats ok, the word dev has no actual defined meaning in this case, its just my way of naming my development versions of a live site.
NOTE: Remove or better still comment out ( using the # in column 1 ) the lines that already exists in this file. They are just examples.
example contents:
#
# Use name-based virtual hosting.
#
NameVirtualHost *:80
## must be first so the the wamp menu page loads when you use just localhost as the domain name
## Also NEVER change the security to anything other than Allow from 127.0.0.1 localhost ::1
## Then a drive by Ip address hack should return a 403 denied access
<VirtualHost *:80>
DocumentRoot "C:/wamp/www"
ServerName localhost
ServerAlias localhost
**Using Apache 2.2 syntax**
<Directory "C:/wamp/www">
Order Deny,Allow
Deny from all
Allow from 127.0.0.1 localhost ::1
## For every ip in the subnet, just use the first 3 numbers of the subnet
## Check you actual subnet for the actual values to use here
Allow from 192.168.0
</Directory>
**Using Apache 2.4 syntax**
<Directory "C:/wamp/www">
Require local
## And possibly allow access from you local network
## Check you subnet for the actual values to use here
Require ip 192.168.0
</Directory>
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "C:/websites/www/site1"
ServerName site1.dev
ServerAlias www.site1.dev
Options Indexes FollowSymLinks
**Using Apache 2.2 syntax**
<Directory "C:/websites/www/site1">
AllowOverride All
Order Deny,Allow
Deny from all
Allow from 127.0.0.1 localhost ::1
#If you want to allow access from your internal network
# For specific ip addresses add one line per ip address
#Allow from 192.168.0.nnn
# For every ip in the subnet, just use the first 3 numbers of the subnet
#Allow from 192.168.0
# If you want to allow access to everyone
#Allow from all
</Directory>
**Using Apache 2.4 syntax**
<Directory "C:/websites/www/site1">
AllowOverride All
Require local
#If you want to allow access from your internal network
# For specific ip addresses add one line per ip address
#Require ip 192.168.0.nnn
# For every ip in the subnet, just use the first 3 numbers of the subnet
#Require ip 192.168.0
# If you want to allow access to everyone
#Require all granted
</Directory>
</VirtualHost>
Add as many as you require so each of your sites have one, changing the DocumentRoot, ServerName and any other of the parameters as appropriate.
This also allows you to make SITE SPECIFIC changes to the configuration.
NOTE: This will make the wamp manager "Put Online" function no longer have any effect on these new vhost'ed sites as the security for each one is now part of the vhost definition, so leave WAMP, OFFLINE.
If you want to put one or more sites online you will have to change the Allow commands MANUALLY in the httpd-vhosts.conf file.
To check your subnet do the following:
Launch a command window, and run
>ipconfig
Look for the line "Default Gateway" in the output and use the third number in your Allow commands.
Edit your httpd.conf file and search for these lines, they are near the bottom of the file.
# Virtual hosts
#Include conf/extra/httpd-vhosts.conf
Remove the '#' comment character on this line to Include your newly changed vhosts, this will cause apache to register their existance. eg
# Virtual hosts
Include conf/extra/httpd-vhosts.conf
While still editing your httpd.conf file search for
# onlineoffline tag - don't remove
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Directory>
DO NOT CHANGE THESE LINES!
Add the following after the <\Directory> tag to secure your new C:\websites folder.
<Directory "C:/websites/">
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Directory>
This is to set security on your new directory structure so that access to these new sites is only allowed from 127.0.0.1 (localhost) unless amended from within a specific VHOST.
P.S. Your internal network will probably be something like 192.168.x.y, check your system first!
Now in order for your browser to know how to get to these new domain names i.e. site1.dev and site2.dev, we need to tell windows what IP address they are located on. There is a file called HOSTS that is a hangover from the days before Domain Name Servers (DNS) were invented. It is a way of giving nice easy rememberable names to IP address's, which of course is what DNS Servers do for us all now.
Edit your HOSTS file, this can be found in C:\windows\system32\drivers\etc , the file does not have an extension.
Windows protects this file so you must be an Administrator to be allowed to save changes to this file.
If you are using VISTA or Windows7/8 you may think you are an Administrator BUT YOU ARE NOT!!!!
So to edit this file you must launch your editor, or Notepad in a specific way to gain Administrator rights. To do this find your editors icon and launch it using the following key strokes:
Shift + Right Click over its icon, this will display a menu, click the item "Run as Administrator", and click "Allow" on the challenge dialog that will appear.
Now you are ready to edit the hosts file so navigate your editor to c:\windows\system32\drivers\etc\hosts
Add the following lines to this file
127.0.0.1 site1.dev
127.0.0.1 site2.dev
NOTE: You will need to add one line in this file for each of your new virtual hosts.
Once you have saved these changes you need to make windows refresh its 'domain name - ipaddress cross reference' cache.
To do this launch a command window as an Administrator ( Shift + Left Click over the command window icon ) and run these 2 commands.
>net stop "DNS Client"
>net start "DNS Client"
Note: The quotes are required as there is a space in the services name.
In order for Apache to pick up these changes you must bounce ( restart ) apache.
DO this by: Wamp manager -> Apache -> Service -> Restart Service
You should now be able to use the address site1.dev in your browser to get to your new sites.
Copy your sites code into the "C:/websites/xxxx" folder if you already have a site coded or,
place a quick and simple index.php file into the "c:\websites\xxxx" folder to proove it all works.
example:
<!DOCTYPE html>
<html lang="en-US">
<head>
<meta charset="UTF-8">
<title>SITE1</title>
</head>
<body>
<?php
echo '<div style="background-color:red;color;white;text-align:center;font-size:18px">HELLO FROM Site1</div>';
?>
</body>
</html>
TROUBLE SHOOTING:
If you have used the new domain name ( site1.dev ) and it has not found the site.
a. Check the changes to the hosts file.
b. Restart the "DNS Service" that runs in windows. This caches all doman names that you use in a browser so that the browser does not have to query a DNS Server each time you re-use a domain name. This may have cached your failed attempt but a restart is easy and should solve the problem and is quicker that re-booting windows, which should also work.
We all have php files like 'connect_db.php' for include purposes only.
Suppose I have all those inclusive .php files in "www/html/INC"
And I have index.php
I want index.php accessible from browser to everyone, but I want to prevent users' direct access to "www/html/INC" folder. (e.g. when type in the browser 'www.domain.com/INC/' -> 404 error etc)
How do I achieve this?
Preferrably using .htaccess file in the root directory please.
Something like
<Directory /INC>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
should work.
How do I achieve this?
Don't. As per my previous answer, it's much more secure to put connect_db.php in /www/, not in /www/html/INC/. If you are going to do so, then you'd use /www/html/.htaccess:
<Directory "/www/html/INC">
order allow,deny
deny from all
</Directory>
Google searches have brought me here so I figured I'd post what I found in the apache docs today. I'm not positive what versions of apache it is available in, but do a search for your version to verify.
Now you can just use Require local. I'd recommend putting an .htaccess in the folder that you want to restrict access to with just that line. However, if you must do it in the root directory then here's what it would be:
<Directory "www/html/INC">
Require local
</Directory>
As of Apache 2.4, Require is the way to go.
E.g. the following denies access to the /www/html/INC directory by anyone except localhost:
<Directory "/www/html/INC">
Require all granted
Require ip 127.0.0.1
</Directory>
Move connect_db.php to the more high level in directories tree, than public directory.
And all scripts, which should not be executable - too.
/home/user/project/incs/ -- here your inclusive scripts
/home/user/project/www/html -- here your index.php and other executable scripts.