Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Setting Apache Security

Posted on 2002-03-05
11
Medium Priority
?
286 Views
Last Modified: 2010-03-04
I'm now using Apache as my sever running on linux..
I don't wanna let others to access the files stored on Apache....
Eg...one can access the files inside test folder using the following link:
174.75.84.32/test/  
how can I prevent others from accessing the files using the method mentioned above?
0
Comment
Question by:usher
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +1
11 Comments
 
LVL 1

Accepted Solution

by:
johnnyp earned 100 total points
ID: 6841551
You can restrict access to your website and any virtual sites on it through the httpd.conf file.

In the global config, within the <Directory> tags for the default DocumentRoot there is an allow,deny section: where you can configure access for individual IP's, hostnames, subnets or domains.

If you simply want to deny access to the /test/ directory, you can configure security through .htaccess files.

Can you be a little more specific with what you want to deny access to, the whole website or just trees from the top level?  Once you let me know, I can go into a little more detail.

0
 

Author Comment

by:usher
ID: 6843394
Actually I intend to set security so that no one can access our sever and steal files from it...

0
 
LVL 1

Expert Comment

by:johnnyp
ID: 6843896
So we are talking purely from a filesystem point of view.  At which point you can use a filewall solution which is shipped with most Linux versions.  RedHat comes with IPCHAINS.

Slightly less intense than a firewall would be to use TPC Wrappers in which you can configure specific inetd or xinetd available daemons to be accessible from selected hosts or domains as I stated in my previous post.

If this is the sort of thing your looking for?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:usher
ID: 6844474
Actually I'm not that familiar with Apache
I have a folder stored under this directory:
apache_1.3.22\htdocs\interface

How can I set things in order to protect the files "interface" under this directory?

0
 

Assisted Solution

by:tommyh
tommyh earned 100 total points
ID: 6862859
create a .htaccess file and put in the directory you wish to protect, it should contain something like;

AuthUserFile </path/.htpasswd>
AuthGroupFile /dev/null
AuthName "Not worth looking at really, so go away"
AuthType Basic

<Limit GET POST>
require valid-user
</Limit>

where you should replace </path/.htpasswd> with a full path to a folder outside your webroot.

and then cd to the directory you specified in </path/.htpasswd> and run;
htpasswd -c .htpasswd <username> <password>

where username and password are replaced with something suitable, and hey presto, that folder should request a username and password for users browsing items in the folder.



0
 

Author Comment

by:usher
ID: 6866576
Some told me that that's a file storing all the config files for apache...
Do u know where and what's the name of that file?
Btw, would you mind telling me which config file I should change so that the server will send an email automatically to administrator in case the server has problem?
0
 

Expert Comment

by:tommyh
ID: 6868466
the httpd.conf file can be in various places.

/etc/httpd/conf/httpd.conf

is where it is on my linux box,

also you will need to restart httpd if you make any changes.

service httpd restart

or sometimes

apachectl restart



0
 

Author Comment

by:usher
ID: 6894125
How about if I would like to achieve the followings:
When I go to eg http://192.45.23.52/interface/
it will display all the files containing in the interface folder....how could I change the setting so that when people access this link http://192.45.23.52/interface/
it will prompt to a error page instead of allowing people view the files?
0
 
LVL 15

Assisted Solution

by:samri
samri earned 100 total points
ID: 6927299
usher,

By default apache will deny directory listing (At least on 1.3.22 RH7.2).  One option to deny Directory listing is to create an index.html file (or whatever filel defined in DirectoryIndex directive)

a index.html will the following content would do.
----------
<html>
<head>
</head>

<body></body>
</html
----------
0
 
LVL 15

Expert Comment

by:samri
ID: 6927303
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction As you’re probably aware the HTTP protocol offers basic / weak authentication, which in combination with the relevant configuration on your web server, provides the ability to password protect all or part of your host.  If you were not…
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses
Course of the Month8 days, 4 hours left to enroll

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question