I'm trying to create a wrapper/handler that will be called on the Apache server whenever someone requests any PHP script inside of a directory. That way I can authorize users for the entire directory or write some other stuff to be called when the directory is called.
This is the best configuration I've been able to come up with...
<Directory "/srv/http/INNOV/PUBLIC_HTML">
Options -Indexes
AllowOverride All
Order allow,deny
Allow from all
DirectoryIndex index.php
</Directory>
Then in /srv/http/INNOV/PUBLIC_HTML/kb/ I have this .htaccess file...
Options -Indexes
AddHandler auth_handler .php
Action auth_handler ../auth_handler.php
Then in /srv/http/INNOV/PUBLIC_HTML/kb/auth_handler.php is as follows...
<?php
$FILE = $_SERVER['PATH_TRANSLATED'];
echo $FILE;
?>
Access Log:
- - [02/Dec/2010:17:43:15 -0500] "GET /kb/index.php HTTP/1.1" 400 590
Error Log:
[Thu Dec 02 17:50:19 2010] [error] [client XXX.XXX.XXX.XXX] Invalid URI in request GET /kb/ HTTP/1.1
I've checked my browser and it seems to be making a proper request.
nvm, all I had to do was remove the ../ in the htaccess file. DUR! Apologies.
Related
I'm trying to put a website online from my webserver.
To do that, I've created a virtualHost with Wamp, which is correctly reached when I'm on the local app.
But, when i try to access the website from another computer (from another domain), I've got a 503 error :
You dont have permission to access this resource. Apache/2.4.46 Php/7.4.9 Server at XXX.XXX.XX.XX (mypublicip) Port 80
Here is my httpd-vhosts.conf :
<VirtualHost *:80>
ServerName espaceclient
ServerAlias espaceclient
DocumentRoot "C:/wamp64/www/espace_client/public"
<Directory "C:/wamp64/www/espace_client/public">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
Here is my .htaccess, located in my public folder :
<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php [QSA,L]
</IfModule>
I've already tried to put a copy of the .htaccess in the root of my project and a lot of configurations, but i don't find...
The port 80 is opened and I've deactived the firewall and the antivirus to test.
If someone has an idea... :p
I followed your advice and configure a new VHost like that :
ServerName espaceclienttest.abiolab.fr
ServerAlias www.espaceclienttest.abiolab.fr
DocumentRoot "C:/wamp64/www/espace_client/public"
<Directory "C:/wamp64/www/espace_client/public/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
I've also configured the ssl like the second link you put.
In local, when I access to " espaceclienttest.abiolab.fr", it's ok it works, but from the outside, I already have the 403 forbidden error (you can try this link, you will see what I mean : http://espaceclient.abiolab.fr
In my Apache Log, I find this :
[Fri Oct 15 10:28:07.841191 2021] [authz_core:error] [pid 3004:tid
1300] [client 92.184.112.230:50363] AH01630: client denied by server
configuration: C:/wamp64/www/favicon.ico, referer:
http://XXXX.XXX.XX.XX/espaceclient
I've got the same message while trying with other url adress, like :
[Fri Oct 15 10:23:07.606404 2021] [authz_core:error] [pid 3004:tid
1300] [client 92.184.112.230:60946] AH01630: client denied by server
configuration: C:/wamp64/www/favicon.ico, referer:
http://XXXX.XXX.XX.XX/espaceclienttest.abiolab.fr
It looks like it can't access to the folder C:\wamp64\www\espaceclient ! And indeed, this folder does not exists ! I've just C:\wamp64\www\espace_client with a '_' !
But why is it renaming it like this ? My .htaccess does not change this...
EDIT : I finally found the problem ! It seems like my public IP was shared with another server in my domain... So, the site was reachable from all PCs not in my domain but for the others, I had a redirection to an other server who does not work anymore...
Thanks for help !!
I'm setting up a new site locally on a Windows machine for testing. In the document root, if I have an index.html it is served to the browser without problem. If I rename it index.php, the browser receives nothing. No error is raised server-side. I'm trying to understand why.
Vhosts
<VirtualHost *:80>
DocumentRoot "C:\websites\learn"
ServerName learn.loc
LogLevel alert rewrite:trace2
#PHP SETTINGS
php_value auto_prepend_file "C:\websites\learn\noop.php"
php_value open_basedir "C:\websites\learn"
<Directory "C:\websites\learn">
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
Here is the .htaccess file that resides in the document root:
RewriteEngine on
#point to javascript learning project
RewriteRule ^js /javascript
RewriteRule ^js/(.*) /javascript/$1
Here is the mod_rewrite log generated when I load learn.loc/javascript (this folder has an index.php file)
[initial] [perdir C:/websites/learn/] pass through C:/websites/learn/javascript/
[subreq] [perdir C:/websites/learn/] pass through C:/websites/learn/javascript/index.html
[subreq] [perdir C:/websites/learn/] pass through C:/websites/learn/javascript/index.htm
[subreq] [perdir C:/websites/learn/] pass through C:/websites/learn/javascript/index.php
Nothing is added to Apache or PHP error log; The browser itself receives status code 200, along with the following response headers
Date: "..."
Server: "Apache/2.4.16 (Win32) PHP/5.6.23"
X-Powered-By: "PHP/5.6.23"
Content-Length: "0"
Keep-Alive: "timeout=5, max=100"
Connection: "Keep-Alive"
Content-Type: "text/html; charset=UTF-8"
The response body is an empty string. Like I said, if I rename the file to index.html the content (vanilla html file) is shown. What could be going on?
I figured it out. That was just me being careless. The problem was with this line from Vhosts config:
php_value auto_prepend_file "C:\websites\learn\noop.php"
More specifically, what was supposed to be a noop was really an execution killer.
noop.php
<?php
exit; // <- exits not just this script but all of PHP and returns to the browser
Once I removed the 2nd line, things were back in order. This also explains why renaming index.php to index.html got things working: it took PHP out of the loop entirely.
Context
I'm trying to create a white list of file types and disable directory listing on a directory named upload by using .htaccess. For security reasons, I do not want to place the .htaccess file within the upload directory. Instead it will be placed one level up in the file hierarchy.
Issue
I'm getting a 500 HTTP response on the entire website.
Contents of .htaccess
<Directory upload>
Options -Indexes
deny from all
<Files ~ “^w+.(gif|jpe?g|png)$”>
order deny,allow
allow from all
</Files>
</Directory>
UPDATE: Here's the apache error log
Error log
[Sun Feb 14 19:31:52 2016] [alert] [client ::1] /Applications/MAMP/htdocs/bombeiros/.htaccess: <Directory not allowed here
I've got a line of code - which we cannot change that is
$preview = file_get_contents( SITE_URL . "/preview" );
I've got a vhost.conf/htaccess with the following
<Directory /var/www/vhosts/domain.com/httpdocs>
Require valid-user
Order allow,deny
Allow from internal-domain.com
Allow from 127.0.0.1
Satisfy Any
</Directory>
This is working fine regards to accessing the webapp
However when the file_get_contents runs, its triggering the apache auth - thus failing
[Tue Mar 17 11:20:20 2015] [error] [client 178.97.118.254] file_get_contents(http://domain.com/preview): failed to open stream: HTTP request failed! HTTP/1.1 401 Authorization Required\r\n
I cant figure out how to white-list the server from itself regarding this.
I've tried using the hostname, 127.0.0.1, localhost, external ip in an Allow from but they all keep requesting authentication.
How can I allow the server to bypass itself by white-listing it within the vhost.conf?
I am getting the following error from my website in the error logs:
[Wed Jul 02 07:13:58 2014] [error] [client **.**.**.**]
PHP Fatal error: require_once(): Failed opening required '/var/zpanel/hostdata/
zadmin/core/public_html/loader.php' (include_path='.:/usr/share/pear:/usr/share/php')
in /var/zpanel/hostdata/zadmin/public_html/cmcatering_co_uk/index.php on line 3
In index.php I have the following:
<?php
$code_base = "/var/zpanel/hostdata/zadmin/core";
require_once($code_base . "/public_html/loader.php");
?>
The loader.php file is in the correct place and so I am a bit confused as to why this is happening. I tried putting the core folder in /usr/share/php but this did not fix the problem. Any suggestions?
edit:
I have also just seen this error:
[Wed Jul 02 07:36:58 2014] [error] [client 94.10.110.115] PHP Warning: require_once(/usr/share/php/core/public_html/loader.php): failed to open stream: Operation not permitted in /var/zpanel/hostdata/zadmin/public_html/cmcatering_co_uk/index.php on line 3
httpd.conf:
# ZPanel Apache Include file for CentOS Linux
# Written by Bobby Allen, 15/05/2011
# Set the Zpanel Alias (used for development, sable will eventually use a VHOST)
Alias /zpanel /etc/zpanel/panel
# Setup the directory settings and PHP security flags for the Zpanel application directory.
<Directory /etc/zpanel/panel>
Options FollowSymLinks
AllowOverride All
DirectoryIndex index.php
<IfModule mod_php5.c>
AddType application/x-httpd-php .php
php_flag magic_quotes_gpc Off
php_flag track_vars On
php_flag register_globals Off
php_admin_value upload_tmp_dir /etc/zpanel/temp
</IfModule>
</Directory>
# Disallow web access to directories that don't need it/that we don't want people looking in!
<Directory /etc/zpanel/panel/cnf>
Order Deny,Allow
Deny from All
</Directory>
# Set server tokens (security??)
ServerTokens Maj
# Now we include the generic VHOST configuration file that holds all the ZPanel user hosted vhost data
Include /etc/zpanel/configs/apache/httpd-vhosts.conf
if you read the error message then you well see:
Operation not permitted
Your webserver process has no permissions to access
/usr/share/php/core/public_html/
In many cases webservers are bound to their root.
/var/zpanel/hostdata/
It looks as though this is a permissions issue due to the operation not permitted error. Look at whether your server is giving php access to the given folder in its configuration. Also just for a sanity check, echo out the filename as it is passed to your require_once.
Would be helpful if you posted your apache site config.
<?php
$code_base = "/var/zpanel/hostdata/zadmin/core";
require_once("<?php echo $code_base; ?>/public_html/loader.php");
?>