Setting Apache Security

I'm now using Apache as my sever running on linux..
I don't wanna let others to access the files stored on Apache....
Eg...one can access the files inside test folder using the following link:
174.75.84.32/test/  
how can I prevent others from accessing the files using the method mentioned above?
usherAsked:
Who is Participating?
 
johnnypConnect With a Mentor Commented:
You can restrict access to your website and any virtual sites on it through the httpd.conf file.

In the global config, within the <Directory> tags for the default DocumentRoot there is an allow,deny section: where you can configure access for individual IP's, hostnames, subnets or domains.

If you simply want to deny access to the /test/ directory, you can configure security through .htaccess files.

Can you be a little more specific with what you want to deny access to, the whole website or just trees from the top level?  Once you let me know, I can go into a little more detail.

0
 
usherAuthor Commented:
Actually I intend to set security so that no one can access our sever and steal files from it...

0
 
johnnypCommented:
So we are talking purely from a filesystem point of view.  At which point you can use a filewall solution which is shipped with most Linux versions.  RedHat comes with IPCHAINS.

Slightly less intense than a firewall would be to use TPC Wrappers in which you can configure specific inetd or xinetd available daemons to be accessible from selected hosts or domains as I stated in my previous post.

If this is the sort of thing your looking for?
0
Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

 
usherAuthor Commented:
Actually I'm not that familiar with Apache
I have a folder stored under this directory:
apache_1.3.22\htdocs\interface

How can I set things in order to protect the files "interface" under this directory?

0
 
tommyhConnect With a Mentor Commented:
create a .htaccess file and put in the directory you wish to protect, it should contain something like;

AuthUserFile </path/.htpasswd>
AuthGroupFile /dev/null
AuthName "Not worth looking at really, so go away"
AuthType Basic

<Limit GET POST>
require valid-user
</Limit>

where you should replace </path/.htpasswd> with a full path to a folder outside your webroot.

and then cd to the directory you specified in </path/.htpasswd> and run;
htpasswd -c .htpasswd <username> <password>

where username and password are replaced with something suitable, and hey presto, that folder should request a username and password for users browsing items in the folder.



0
 
usherAuthor Commented:
Some told me that that's a file storing all the config files for apache...
Do u know where and what's the name of that file?
Btw, would you mind telling me which config file I should change so that the server will send an email automatically to administrator in case the server has problem?
0
 
tommyhCommented:
the httpd.conf file can be in various places.

/etc/httpd/conf/httpd.conf

is where it is on my linux box,

also you will need to restart httpd if you make any changes.

service httpd restart

or sometimes

apachectl restart



0
 
usherAuthor Commented:
How about if I would like to achieve the followings:
When I go to eg http://192.45.23.52/interface/
it will display all the files containing in the interface folder....how could I change the setting so that when people access this link http://192.45.23.52/interface/
it will prompt to a error page instead of allowing people view the files?
0
 
samriConnect With a Mentor Commented:
usher,

By default apache will deny directory listing (At least on 1.3.22 RH7.2).  One option to deny Directory listing is to create an index.html file (or whatever filel defined in DirectoryIndex directive)

a index.html will the following content would do.
----------
<html>
<head>
</head>

<body></body>
</html
----------
0
 
samriCommented:
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.