I need some help with this simple directory access rules - sorry I just started playing with Apache 2.4 and not done this before.
I have configured Apache 2.4 to a stage where I can see a login for for protected resources and once I enter the user/pass I get access to the protected resourced.
Now I want to do the following which I am not sure how I can get this done.
Web root is set to /var/www
/var/www/login - anyone can access, no auth required as this folder contains login.html and logout.html. ( I got this working)
/var/www - all other contents in the root of my app can only be accessed after authentication. This is the part I don't know how to setup.
My vhost conf looks like this.
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin webmaster#dummy-host2.example.com
DocumentRoot "/var/www"
ServerName auth-test.ml.com
ErrorLog "logs/test-error_log"
CustomLog "logs/test-access_log" common
<Directory "/var/www">
AuthFormProvider file
AuthType form
AuthName "Reserved Area"
Session On
SessionCookieName session path=/
require valid-user
# This is the login page
ErrorDocument 401 /login/index.html
# This is the file containing users login data
AuthUserFile /usr/local/apache2/auth/.htpasswd
</Directory>
<Directory /var/www/login>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>
AT the moment when I access the app like http://example.com I expect to see the login.html page returned but I get the following error message:
Unauthorized
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.
Additionally, a 401 Unauthorized error was encountered while trying to use an ErrorDocument to handle the request.
How can I make this work?
Figured it out. It was as simple as using Directory to first deny access to all to the root document and only allow valid users.
Using another Directory to open access to all to the auth folder.
Related
I locally setup a wordpress project by using a backup and the sub pages are not working in the project only giving the error message below eg- when i tried to go to the about us page it gives the below error in the browser
Object not found!
The requested URL was not found on this server. If you entered the URL manually please check your spelling and try again.
If you think this is a server error, please contact the webmaster.
Error 404
localhost
Apache/2.4.41 (Win64) OpenSSL/1.1.1c PHP/7.2.26
It's look like server error, Please confirm that you have correctly setup vertual host.
Here is code to create virtual host.
On Xampp:
<VirtualHost wp.local:80>
DocumentRoot "D:\dev\wp"
ServerName wp.local
ServerAlias wp.local
<Directory "D:\dev\wp">
DirectoryIndex index.php
Require all granted
Allowoverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
So, I have my symfony 4 website, using multi domain.
It's not different websites, it's one website, with different languages, so I have example.com, en.example.com, ...
If we log on example.com, it works, but it doesn't make the user logged in on en.example.com.
I tried to set the config as I've seen in framework.yml:
framework:
session:
handler_id: ~
cookie_domain: '.localhost'
name: SFSESSION
But it simply breaks the login (there's no error but it 'triggers' a fail login, and no cookie is set.
If I set 'en.localhost' as a domain, it works for that subdomain, but no others obviously.
I made a test page with that code:
<?php
$currentCookieParams = session_get_cookie_params();
$rootDomain = '.localhost';
session_set_cookie_params(
$currentCookieParams["lifetime"],
$currentCookieParams["path"],
$rootDomain,
$currentCookieParams["secure"],
$currentCookieParams["httponly"]
);
session_start();
The result is that when I access localhost, I have a php cookie (on my symfony app, a similar config leads to no cookie), but if I go to test.localhost, I have nothing.
I tried to install the apache pack ( https://symfony.com/doc/current/setup/web_server_configuration.html )
And to set
php_value session.cookie_domain ".localhost"
In the .htaccess, and it doesn't work, I login on subdomain and nowhere else; it's like the htaccess is ignored.
What am I missing ?
Thank you
In the end, I used the apache configuration to achieve it (on production, not on my wamp).
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
ServerAlias *
DocumentRoot /var/www/html/examplewebsite/public
DirectoryIndex /index.php
<Directory /var/www/html/examplewebsite/public>
AllowOverride None
Order Allow,Deny
Allow from All
php_value session.cookie_domain example.com
FallbackResource /index.php
</Directory>
# uncomment the following lines if you install assets as symlinks
# or run into problems when compiling LESS/Sass/CoffeeScript assets
# <Directory /var/www/project>
# Options FollowSymlinks
# </Directory>
# optionally disable the fallback resource for the asset directories
# which will allow Apache to return a 404 error when files are
# not found instead of passing the request to Symfony
<Directory /var/www/project/public/bundles>
FallbackResource disabled
</Directory>
ErrorLog /var/log/apache2/project_error.log
CustomLog /var/log/apache2/project_access.log combined
# optionally set the value of the environment variables used in the application
#SetEnv APP_ENV prod
#SetEnv APP_SECRET <app-secret-id>
#SetEnv DATABASE_URL "mysql://db_user:db_pass#host:3306/db_name"
</VirtualHost>
The line that matters is:
php_value session.cookie_domain example.com
Apparently:
If you don't set the cookie_domain : by default the cookie is specific to the subdomain (or without subdomain) that is in the url.
If you set : .example.com : every subdomain share the cookie, but not the domain without subdomain (example.com)
If you set example.com : the simple domain, and the subdomains all share the cookie.
I'm not 100% sure it doesn't work on my wamp, didn't try for now.
When I open my website URL it shows Index /
1) I have index.php in the same directory
2) Config file at /etc/apache2/sites-available/example.com.conf
has following code:
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/intricare>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
DirectoryIndex index.php
Order allow,deny
allow from all
</Directory>
If I Refresh the URL again it loads the website without issue.
URL: intricare.net
Your problem is a cache somewhere on your network. When you manually refresh the site, your browser sends an extra header telling the server it desires a fresh copy: cache-control: no-cache.
If that header is sent, the current/correct version of the page is returned. If it is not, the cached directory listing is.
If you have curl installed, you can test it yourself with
curl https://www.intricare.net/
and
curl -H "cache-control:no-cache" https://www.intricare.net/
The latter produces the correct output.
If you're using any caching plugins: make them clear the cache. It might also be your hosting provider that is providing the cache, in that case look at their FAQs or ask them how to clear it.
I have setup a virtual host with Basic Auth.
<Directory ~ "^/home/www/.*/">
Options Indexes MultiViews FollowSymLinks
AllowOverride All
Order allow,deny
DirectoryIndex index.html index.php
AuthType Basic
AuthName "HALMA"
AuthUserFile /usr/local/apache/passwd/passwords
Require valid-user
Allow from 10.0.0
Satisfy Any
</Directory>
<Files ~ "\.(htaccess|inc|tpl)$">
Order deny,allow
Deny from all
</Files>
( The Files Section could be in a .htaccess, too - same effect)
Now .htaccess, .inc and .tpl files are accessible if the user authenticates successfully to the Basic Auth, which is not the intended behavior. The file restrictions should always be active, preventing any user from accessing critical files, logged-in or not.
I tried moving the Files-Section from vhost config to .htaccess and vice versa, commenting out the 10.0.0.
If I comment out the whole Auth stuff it works.
Would be glad, if someone could point me in the right direction.
This was working for years until I did something that has now jacked this up....
Searching on this topic landed me in several places that basically said: You need to check the Wordpress URL and the site URL in the general settings in Wordpress. I have done so and they are both: http://www.petesworkshop.com/blog_wp . Yet, when I hit that URL I am redirected to my internal IP and get a error http://10.0.10.206/blog_wp (yep, that would be wrong!
Interestingly enough, I can get to the admin page just fine and it is just a subfolder of blog_wp. So, somehow things directed to /blog_wp return the IP but everything else is OK. Wierd.
Wordpress sits behind an Apache proxy which has this directive for the virtual host:
<VirtualHost *:80>
ServerName www.petesworkshop.com
ServerAlias petesworkshop.com
ProxyPass / http://10.0.10.206:5080/
ProxyPassReverse / http://10.0.10.206:5080/
</VirtualHost>
The server running the website behind the proxy has this:
DocumentRoot "/www/petes/htdocs/petesworkshop/"
ServerName www.petesworkshop.com
ServerAlias petesworkshop.com
DirectoryIndex index.html index.php index.htm
ErrorLog logs/petesworkshop.log
Options FollowSymLinks
Alias /blog_wp /www/petes/htdocs/petesworkshop/blog_wp
<Directory /www/petes/htdocs/petesworkshop/blog_wp >
Order Allow,Deny
Allow From all
</Directory>
<Directory /www/petes/htdocs/petesworkshop >
Order Allow,Deny
Allow From all
</Directory>
I am not sure how I jacked this up...it is probably something that I did to the Apache configuration but I can't be sure since everything else behind the proxy works fine. I even tried adding specific ProxyPass entries for /blog_wp but that didn't make any difference.
Stumped...
Check your wp-config.php for correct urls
like below
define('WP_HOME','http://example.com');
define('WP_SITEURL','http://example.com');
This one turned out to be an Apache proxy issue. What I needed was to add 'ProxyPreserveHost On' to the configuration, which I thought I had in there originally but I either removed it in an edit or had it placed in the wrong virtual host. In any case, adding the ProxyPreserveHost On flag, took care of the issue. Not sure why other entries in the same virtual host DID work without it but I am not going to worry about it.
I had a similar problem some time ago, whenever I wrote my domain in the browser it was solved correctly but my domain name was changed by the IP, after much research it turned out that the problem was in the hosting, not in the server, so which only change the configuration of my domain in GoDaddy since I was only doing a redirection but the correct thing was to create an A record that points to # (which represents your domain name) and everything started to work correctly. I hope it's help