Apache 2.4, enabling folder view in browser - php

Using Apache 2.4 64 bit VC10 build on my Win 7 machine from Apache Lounge, how do I enable folder file view? I just want to see what files are in every folder that does not have an index file in that folder.
This is for dev purposes only. I have tried using Options Indexes / All options and restarted my server a few times. All I get is 403 Forbidden.

For Apache 2.4, if you have enabled Directory Indexes such as index.html or index.php you must first disable that before you can get folders and files to show in a web browser.
<Directory "/vhost/www/htdocs/path/to/folder">
DirectoryIndex disabled
Options Indexes
</Directory>

The directive in Apache has changed from version 2.2 to 2.4 and up.
I am running version 2.4.7 and a basic vhost file looks like this:
<VirtualHost 192.168.1.5:80>
DocumentRoot /srv/html/
ServerName some.placeoverthe.rainbow
<Directory /srv/html/>
# Allows directory browsing.
Options Indexes
# Allow all requests.
Require all granted
</Directory>
</VirtualHost>
Taken from the Apache website: https://httpd.apache.org/docs/2.4/upgrading.html
Here are some examples of old and new ways to do the same access control.
In this example, all requests are denied.
2.2 configuration:
Order deny,allow
Deny from all
2.4 configuration:
Require all denied
In this example, all requests are allowed.
2.2 configuration:
Order allow,deny
Allow from all
2.4 configuration:
Require all granted
In the following example, all hosts in the example.org domain are allowed access; all other hosts are denied access.
2.2 configuration:
Order Deny,Allow
Deny from all
Allow from example.org
2.4 configuration:
Require host example.org
Directory Indexing
Taken from the Apache website: http://httpd.apache.org/docs/2.4/mod/core.html
The Options directive controls which server features are available in a particular directory.
option can be set to None, in which case none of the extra features are enabled, or one or more of the following:
All
All options except for MultiViews.
ExecCGI
Execution of CGI scripts using mod_cgi is permitted.
FollowSymLinks
The server will follow symbolic links in this directory. This is the default setting.
Even though the server follows the symlink it does not change the pathname used to match against <Directory> sections.
The FollowSymLinks and SymLinksIfOwnerMatch Options work only in <Directory> sections or .htaccess files.
Omitting this option should not be considered a security restriction, since symlink testing is subject to race conditions that make it circumventable.
Includes
Server-side includes provided by mod_include are permitted.
IncludesNOEXEC
Server-side includes are permitted, but the #exec cmd and #exec cgi are disabled. It is still possible to #include virtual CGI scripts from ScriptAliased directories.
Indexes
If a URL which maps to a directory is requested and there is no DirectoryIndex (e.g., index.html) in that directory, then mod_autoindex will return a formatted listing of the directory.
MultiViews
Content negotiated "MultiViews" are allowed using mod_negotiation.
Note:
This option gets ignored if set anywhere other than <Directory>, as mod_negotiation needs real resources to compare against and evaluate from.
SymLinksIfOwnerMatch
The server will only follow symbolic links for which the target file or directory is owned by the same user id as the link.
As a side note: You might want to check and make sure that the user that Apache is running under has permission to read from that directory. On Windows this may not be an issue but on Linux it very well can be an issue. On most Linux distros the default user is typically:
www-data
So you would need to change permissions for that directory to allow apache access if the directory is owned by someone other than the user apache runs under.

<Directory "/srv/www/htdocs">
Options +Indexes
################
Order allow,deny
Allow from all
</Directory>
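
The 2.2 to 2.4 mappings quoted above can be applied mechanically when auditing an old configuration. The following Python sketch is an added example, not part of the answers or of Apache's documentation; `translate_access` and the sample block are constructed for illustration. It goes beyond the three quoted cases by handling IP and CIDR sources, and flags any combination it cannot map safely.

```python
import re

# 2.2 access directives (mod_access_compat syntax) this sketch understands.
_ORDER = re.compile(r"(?i)^order\s+(.+)$")
_FROM = re.compile(r"(?i)^(allow|deny)\s+from\s+(.+)$")

# Constructed sample input, not taken from the page.
SAMPLE_22_BLOCK = """
<Files "reminder.php">
    Order Deny,Allow
    Deny from all
    Allow from localhost 127.0.0.1
    Allow from 192.168.0.0/16
</Files>
"""


def _require(source):
    """Full/partial IPs and CIDR ranges become 'Require ip'; names become 'Require host'."""
    is_ip = ":" in source or re.fullmatch(r"[0-9.]+(/[0-9.]+)?", source)
    return f"Require {'ip' if is_ip else 'host'} {source}"


def translate_access(block):
    """Translate the Order/Allow/Deny lines of ONE container to 2.4 Require lines."""
    order, allow, deny = "deny,allow", [], []   # 2.2 default Order is Deny,Allow
    for line in (raw.strip() for raw in block.splitlines()):
        if m := _ORDER.match(line):
            order = m.group(1).strip().lower()
        elif m := _FROM.match(line):
            target = allow if m.group(1).lower() == "allow" else deny
            target.extend(s.lower() for s in m.group(2).split())
    specific = [_require(s) for s in allow if s != "all"]
    if order == "deny,allow" and deny in ([], ["all"]):
        # Allow is evaluated last, so it overrides "Deny from all".
        if "all" in allow or not deny:
            return ["Require all granted"]
        return specific or ["Require all denied"]
    if order == "allow,deny" and deny in ([], ["all"]):
        # Deny is evaluated last and the default is to deny.
        if deny or not allow:
            return ["Require all denied"]
        return ["Require all granted"] if "all" in allow else specific
    return ["# REVIEW MANUALLY: no direct Require equivalent for this combination"]
```

Several Require lines at the same level are combined as RequireAny, so a request is granted when any one of the returned lines matches.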

Related

apache: prevent remote browser from running a specific file

I have a PHP script that is run from cron to send out reminder emails.
To prevent unauthorised use of this script, I have the following .htaccess file which I upgraded to the Require directive after upgrading apache to 2.4 from 2.2.
<Files "reminder.php">
Require all denied
Require host localhost
Require ip 127.0.0.1
Require ip xxx.yyy.zzz.aaa
</Files>
xxx.yyy.zzz.aaa is the address of the webserver, equivalent to localhost.
Whereas the old .htaccess file used to work, this one isn't preventing access from remote browsers. I've read and reread all the directive documentation and can't see what is wrong. Any clues? Is this the best way to protect a PHP script designed to run from cron?
The old .htaccess file was:
<Files "reminder.php">
Order Deny,Allow
Deny from all
Allow from localhost
Allow from 127.0.0.1
Allow from xxx.yyy.zzz.aaa
</Files>
I found the problem. When I set up the 2.4 server, I explicitly used
AllowOverride None
and didn't override this in specific directories. BTW AllowOverride defaulted to All in 2.2 and defaults to None in 2.4 so without the directive I would still have had the same problem.
So replacing this with
AllowOverride All
within the <directory> group fixed the problem. The .htaccess file is now allowed to do its job.
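
The failure described above, where access rules in a .htaccess file are never applied because AllowOverride None is in effect, can be checked for ahead of time. The following Python sketch is an added example, not code from the post; the function names, paths and sample data are constructed, and it assumes POSIX paths and plain `<Directory>` blocks (no wildcards, DirectoryMatch, Include or AllowOverrideList).

```python
import posixpath
import re

# Override class each access-control directive needs inside a .htaccess file.
NEEDED = {"require": "authconfig", "order": "limit", "allow": "limit", "deny": "limit"}
# Constructed sample input, not taken from the page.
SAMPLE_CONF = """<Directory "/var/www">
    AllowOverride None
</Directory>
<Directory "/var/www/app">
    AllowOverride AuthConfig
</Directory>"""
SAMPLE_HTACCESS = {
    "/var/www/cron/.htaccess": '<Files "reminder.php">\nRequire ip 127.0.0.1\n</Files>',
    "/var/www/app/.htaccess": "Require ip 127.0.0.1",
    "/var/www/app/old/.htaccess": "Order Deny,Allow\nDeny from all",
}

def parse_overrides(conf):
    """Map each plain <Directory> path to the AllowOverride classes set in it."""
    overrides, current = {}, None
    for line in (raw.strip() for raw in conf.splitlines()):
        if m := re.match(r'(?i)<Directory\s+"?([^">]+)"?\s*>', line):
            current = posixpath.normpath(m.group(1))
        elif re.match(r"(?i)</Directory>", line):
            current = None
        elif current and (m := re.match(r"(?i)AllowOverride\s+(.+)$", line)):
            overrides[current] = {c.lower() for c in m.group(1).split()}
    return overrides

def effective_override(overrides, directory):
    """The longest matching <Directory> that sets AllowOverride wins; 2.4 defaults to None."""
    hits = [d for d in overrides
            if directory == d or directory.startswith(d.rstrip("/") + "/")]
    return overrides[max(hits, key=len)] if hits else {"none"}

def audit_htaccess(conf, htaccess_files):
    """Classify .htaccess files carrying access control: enforced, ignored or not permitted."""
    overrides, report = parse_overrides(conf), {}
    for path, text in htaccess_files.items():
        words = {l.split()[0].lower() for l in text.splitlines() if l.split()}
        needed = {NEEDED[w] for w in words if w in NEEDED}
        active = effective_override(overrides, posixpath.dirname(path))
        if needed:  # only files that contain access-control directives are reported
            report[path] = ("ignored" if "none" in active else
                            "enforced" if "all" in active or needed <= active
                            else "not permitted")
    return report
```

An "ignored" file fails open silently because Apache never reads it, while a "not permitted" file makes Apache answer requests in that directory with a 500 error instead of applying the rule.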

using PHP within WAMP- how can I create new directories on my local drives?

I am trying to use PHP within my WAMP environment to create new directories (checking if they exist first) on a local drive (U:) which is mapped to a media server (\tr-svrwc-fms), with no success: I receive a 403 error.
I've tried creating directory Aliases:
Alias /vid "tr-svrwc-fms//"
<Directory "tr-svrwc-fms//">
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order Allow,Deny
Allow from all
</Directory>
and also:
Alias /vid "U:"
<Directory "U:">
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order Allow, Deny
Allow from all
</Directory>
I've even tried modifying the root directory settings in httpd.conf to "Allow from all".
My WAMP server version is 2.2 with Apache version 2.2.21.
Thank you in advance for your help.
It is recommended to use only UNC paths for network resources in httpd.conf.
The syntax should look something like this:
Alias /vid "//laptop1/vid"
<Directory "//laptop1/vid">
...
</Directory>
Where laptop1 of course will be different in your case.
I've learned that with WAMP installed on my local hard drive, the Apache server (as configured) does not allow for communication outside of the WAMP root folder due to permissions.
This type of communication can however be accomplished via a PHP shell script on the Command Line which doesn't route through the Apache Server.

apache url rewrite connection reset on root directory

In my Apache sites-available/default file I changed the config to the following:
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
# originally was AllowOverride None
AllowOverride All
# I added this line, too
FallbackResource rewrite.php
Order allow,deny
allow from all
</Directory>
I wanted to handle all URL calls in my own rewrite.php file. This works when I visit my site at http://192.168.1.104:4567/web/knxzkcha but doesn't work when I go to http://192.168.1.104:4567/web/. I got this problem in Firefox: The connection to the server was reset while the page was loading.
The index site http://192.168.1.104:4567/web/index.php works flawlessly and shows me my index.php file. All I want is for it to show me the index file when visiting the root directory, too. /var/www points to the /web directory. I have an Ubuntu 12.04 server 64 LTS edition.
When I revert the config lines, the root gives me the index file by default.
You do not need to add AllowOverride All. Telling Apache to avoid the IO of checking for the existence of .htaccess files in the current directory and all parent directories, with AllowOverride None, is a good recipe for speed. Avoid .htaccess files if you can edit the Apache configuration.
Now FallbackResource is quite a new feature and may have some bugs. Did you check the ErrorLog for details? Could you try that with LogLevel debug?
It seems your problem is with directories; maybe you could fix it by enforcing usage of your fallback when a directory is requested. Try adding:
DirectoryIndex rewrite.php

In which directory i should keep my workspace or project

I have installed XAMPP on my machine (Windows XP OS), and I have Eclipse as my IDE.
Now my question is: in which directory should I keep my workspace (or project)?
Should I keep it under the path "C:\xampp\php\www" or under "C:\xampp\htdocs"?
You need to change the DocumentRoot value in c:\xampp\apache\conf\httpd.conf from
DocumentRoot "C:\xampp\htdocs"
to
DocumentRoot "E:/MyProject/Source/Admin"
and configure permissions also.
<Directory "E:/MyProject/Source/Admin">
Options +Indexes FollowSymLinks +ExecCGI
AllowOverride AuthConfig FileInfo
Order allow,deny
Allow from all
</Directory>
and then restart the Apache server (in the XAMPP control panel). From then onwards, whenever you access http://localhost/ it will execute the files under E:/MyProject/Source/Admin
See these for more info:
http://httpd.apache.org/docs/2.0/mod/core.html#documentroot
http://www.apachefriends.org/en/xampp-windows.html#529
Looking at the "Where I change the start page?" section of XAMP's FAQ (quoting):
The DocumentRoot folder is "\xampp\htdocs". There is the index site (index.php) the real start page which is loaded after executing of "http://localhost/".
So, I'd say, in your case, you'll have to work in C:\xampp\htdocs.
Still, of course, you can change that by modifying Apache's configuration and/or creating new VirtualHosts.

phpmyadmin security

I have a production server with apache2, php, mysql.
I have just one site right now (mysite.com) as a virtual host. I want to put phpmyadmin, webalizer, and maybe webmin on there. So far, I installed phpmyadmin, and it works but the whole internet can go to mysite.com/phpmyadmin
How can I reduce the visibility to say 192.168.0.0/16 so it's just accessible to machines behind my firewall?
1) You can do it at the Webserver level.
Use allow/deny rules for apache. If you don't have direct access to your apache configuration file, you may use a .htaccess file.
<Directory /docroot>
Order Deny,Allow
Deny from all
Allow from 10.1.2.3
</Directory>
2) You can do it at the application level using the phpmyadmin config file.
The configuration parameter is: $cfg['Servers'][$i]['AllowDeny']['rules']
Examples of rules are:
'all' -> 0.0.0.0/0
'localhost' -> 127.0.0.1/8
'localnetA' -> SERVER_ADDRESS/8
'localnetB' -> SERVER_ADDRESS/16
'localnetC' -> SERVER_ADDRESS/24
You can see this on the official phpMyAdmin configuration documentation.
http://www.phpmyadmin.net/documentation/#servers_allowdeny_order
You would use a module in Apache called mod_access
You can either configure it in your apache config file or within a .htaccess file in the directory's root.
Here's a short example
<Directory /your_folder/location>
Order Deny,Allow
Deny from all
Allow from 123.123.123.123
</Directory>
Use the <Location> directive (either in server configuration or if it is allowed, in .htaccess). In there, you can use Allow from to deny access to everyone else except some certain source.
