Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Setting Apache Security

Posted on 2002-03-05
11
Medium Priority
?
290 Views
Last Modified: 2010-03-04
I'm now using Apache as my sever running on linux..
I don't wanna let others to access the files stored on Apache....
Eg...one can access the files inside test folder using the following link:
174.75.84.32/test/  
how can I prevent others from accessing the files using the method mentioned above?
0
Comment
Question by:usher
  • 4
  • 2
  • 2
  • +1
10 Comments
 
LVL 1

Accepted Solution

by:
johnnyp earned 100 total points
ID: 6841551
You can restrict access to your website and any virtual sites on it through the httpd.conf file.

In the global config, within the <Directory> tags for the default DocumentRoot there is an allow,deny section: where you can configure access for individual IP's, hostnames, subnets or domains.

If you simply want to deny access to the /test/ directory, you can configure security through .htaccess files.

Can you be a little more specific with what you want to deny access to, the whole website or just trees from the top level?  Once you let me know, I can go into a little more detail.

0
 

Author Comment

by:usher
ID: 6843394
Actually I intend to set security so that no one can access our sever and steal files from it...

0
 
LVL 1

Expert Comment

by:johnnyp
ID: 6843896
So we are talking purely from a filesystem point of view.  At which point you can use a filewall solution which is shipped with most Linux versions.  RedHat comes with IPCHAINS.

Slightly less intense than a firewall would be to use TPC Wrappers in which you can configure specific inetd or xinetd available daemons to be accessible from selected hosts or domains as I stated in my previous post.

If this is the sort of thing your looking for?
0
Transaction-level recovery for Oracle database

Veeam Explore for Oracle delivers low RTOs and RPOs with agentless transaction log backup and transaction-level recovery of Oracle databases. You can restore the database to a precise point in time, even to a specific transaction.

 

Author Comment

by:usher
ID: 6844474
Actually I'm not that familiar with Apache
I have a folder stored under this directory:
apache_1.3.22\htdocs\interface

How can I set things in order to protect the files "interface" under this directory?

0
 

Assisted Solution

by:tommyh
tommyh earned 100 total points
ID: 6862859
create a .htaccess file and put in the directory you wish to protect, it should contain something like;

AuthUserFile </path/.htpasswd>
AuthGroupFile /dev/null
AuthName "Not worth looking at really, so go away"
AuthType Basic

<Limit GET POST>
require valid-user
</Limit>

where you should replace </path/.htpasswd> with a full path to a folder outside your webroot.

and then cd to the directory you specified in </path/.htpasswd> and run;
htpasswd -c .htpasswd <username> <password>

where username and password are replaced with something suitable, and hey presto, that folder should request a username and password for users browsing items in the folder.



0
 

Author Comment

by:usher
ID: 6866576
Some told me that that's a file storing all the config files for apache...
Do u know where and what's the name of that file?
Btw, would you mind telling me which config file I should change so that the server will send an email automatically to administrator in case the server has problem?
0
 

Expert Comment

by:tommyh
ID: 6868466
the httpd.conf file can be in various places.

/etc/httpd/conf/httpd.conf

is where it is on my linux box,

also you will need to restart httpd if you make any changes.

service httpd restart

or sometimes

apachectl restart



0
 

Author Comment

by:usher
ID: 6894125
How about if I would like to achieve the followings:
When I go to eg http://192.45.23.52/interface/
it will display all the files containing in the interface folder....how could I change the setting so that when people access this link http://192.45.23.52/interface/
it will prompt to a error page instead of allowing people view the files?
0
 
LVL 15

Assisted Solution

by:samri
samri earned 100 total points
ID: 6927299
usher,

By default apache will deny directory listing (At least on 1.3.22 RH7.2).  One option to deny Directory listing is to create an index.html file (or whatever filel defined in DirectoryIndex directive)

a index.html will the following content would do.
----------
<html>
<head>
</head>

<body></body>
</html
----------
0
 
LVL 15

Expert Comment

by:samri
ID: 6927303
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
How can you see what you are working on when you want to see it while you to save a copy? Add a "Save As" icon to the Quick Access Toolbar, or QAT. That way, when you save a copy of a query, form, report, or other object you are modifying, you…
Suggested Courses
Course of the Month13 days, 19 hours left to enroll

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question