View Full Version : .htaccess not working with apache2 O_O



James-
03-29-2006, 02:36 AM
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory>
AllowOverride ALL
Options FollowSymLinks
</Directory>

#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#

#
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "C:/public_html">

#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs-2.0/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks ExecCGI

#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride All

#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all

</Directory>

#
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received. Be especially careful to use
# proper, forward slashes here. On Windows NT, "Personal/My Website"
# is a more appropriate choice.
#
UserDir "My Documents/My Website"

#
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
# You must correct the path for the root to match your system's configured
# user directory location, e.g. "C:/WinNT/profiles/*/My Documents/My Website"
# or whichever, as appropriate.
#
#<Directory "C:/Documents and Settings/*/My Documents/My Website">
# AllowOverride FileInfo AuthConfig Limit
# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
# <Limit GET POST OPTIONS PROPFIND>
# Order allow,deny
# Allow from all
# </Limit>
# <LimitExcept GET POST OPTIONS PROPFIND>
# Order deny,allow
# Deny from all
# </LimitExcept>
#</Directory>

#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
# The index.html.var file (a type-map) is used to deliver content-
# negotiated documents. The MultiViews Option can be used for the
# same purpose, but it is much slower.
#
DirectoryIndex index.html index.html.var

#
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess
AccessFileName ht.acl

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
</FilesMatch>

I've tried to set up .htaccess for a couple of my directories so that people don't go looking in places that they shouldn't. I am currently running Windows XP SP2 with Apache 2 with PHP5 SQL5.0 and Active Perl. I put that in to make the server see .htaccess or ht.acl files (same thing).
Somehow it does not seem to want to work! >_<!! PS: my server is installed at C:\public_html and I don't know what path I should put in the .htaccess either (I wanna protect the 1st lvl

mwinter
03-29-2006, 02:52 PM
> <Directory>
> AllowOverride ALL
> Options FollowSymLinks
> </Directory>

You seem to have modified that to make it less secure (and broken the directive in the process). If anything, the Directory directive for the root directory should be made more restrictive than it is by default:



<Directory />
Options FollowSymLinks
AllowOverride None
Order Deny,Allow
Deny from all
</Directory>
This prevents Apache from serving anything unless you explicitly permit it. Also note that the forward slash in the opening Directory directive is significant. You can't omit it.


> I've tried to set up .htaccess for a couple of my directories so that people don't go looking in places that they shouldn't.

First of all, if you have access to the server configuration file (httpd.conf), then modify that when making permanent changes. It's more efficient for the server than creating access files, which it must parse for every request that enters that directory or subdirectory.

Secondly, the suggestion I made above may be all that you need. When included, it's up to other Directory directives to override the restrictions and allow access to users.

If this hasn't helped, I think you're going to have to supply more information. Who are these other people? Specific users or just visitors in general? What are the directories that you want to protect? Are you looking for password protection, or simpler access control?

Mike
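
An added example, not part of the original post: a small checker for the two problems the reply above points out, a Directory section with no path and a root section that does not restrict by default. The names `directory_sections` and `audit` are hypothetical, and the two sample configurations are constructed from the snippets in this thread.

```python
import re
# Constructed samples: the sections as posted, and the reply's replacement.
POSTED = """<Directory>
AllowOverride ALL
Options FollowSymLinks
</Directory>
<Directory "C:/public_html">
AllowOverride All
Order allow,deny
Allow from all
</Directory>"""
HARDENED = """<Directory />
Options FollowSymLinks
AllowOverride None
Order Deny,Allow
Deny from all
</Directory>"""

def directory_sections(conf):
    """Return [(path, [lower-cased directive tokens])] per <Directory> block."""
    sections, current = [], None
    for line in (raw.strip() for raw in conf.splitlines()):
        if not line or line.startswith("#"):
            continue                      # skip blanks and commented-out lines
        opened = re.match(r"<Directory\b\s*(.*?)\s*>$", line, re.I)
        if opened:
            current = (opened.group(1).strip('"'), [])
        elif re.match(r"</Directory\s*>$", line, re.I):
            if current is not None:
                sections.append(current)
            current = None
        elif current is not None:
            current[1].append(line.lower().split())
    return sections

def audit(conf):
    """Hypothetical checker: report the issues raised in the reply."""
    sections = directory_sections(conf)
    findings = ["<Directory> with no path argument"
                for path, _ in sections if not path]
    root = next((d for path, d in sections if path == "/"), None)
    if root is None:
        findings.append("no <Directory /> section: no default restriction")
    else:
        if ["allowoverride", "none"] not in root:
            findings.append("root section does not set AllowOverride None")
        if ["deny", "from", "all"] not in root:
            findings.append("root section does not Deny from all")
    return findings
```

`audit(POSTED)` reports the missing path and the absent root section; `audit(HARDENED)` returns an empty list.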

James-
03-29-2006, 04:55 PM
I am looking to just say ACCESS DENIED when they go to the root folder (where my phpmyadmin folder is) and I don't want them to explore the directories that they aren't supposed to. I have complete control over the server seeing as it is on a computer in my bedroom.

Twey
03-29-2006, 05:00 PM
Mike's example will do this.

James-
03-29-2006, 05:03 PM
Still didn't make a difference. I can still see my root folder http://24.203.234.169:8080

mwinter
03-29-2006, 10:36 PM
> Still didn't make a difference. I can still see my root folder [...]

I would have thought that you would want to be able to.

The key here, as shown in my previous post, is the Order and Allow/Deny directives. The second Directory directive in your post (that applies to the public_html directory) contains these directives. Currently, they are:



Order allow,deny
Allow from all
which means that Deny directives should be applied after all Allow directives (this means that Deny would take precedence in any conflict), and that all users are allowed access to the contents of that directory.

If you want to deny everyone, then change those two to:



Order Deny,Allow
Deny from all
If you want to give yourself sole access from the same machine, then add after that:



Allow from 127.0.0.1
Hope that helps,
Mike
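
An added example, not part of the original post: a model of how the Order, Allow and Deny directives discussed above combine for one client address, run against the three directive sets from this thread. The function names are hypothetical, the client address 203.0.113.7 is a constructed sample, and only `all`, single IPs and CIDR blocks are handled (hostnames and partial addresses are not).

```python
import ipaddress

def matches(spec, client_ip):
    """True if a 'from' argument (all, an IP, or a CIDR block) covers client_ip."""
    if spec.lower() == "all":
        return True
    network = ipaddress.ip_network(spec, strict=False)
    return ipaddress.ip_address(client_ip) in network

def access_allowed(directives, client_ip):
    """Evaluate Order / Allow from / Deny from lines for one client address.

    Order Allow,Deny: default is deny, and a Deny match beats an Allow match.
    Order Deny,Allow: default is allow, and an Allow match beats a Deny match.
    """
    order, allow, deny = "deny,allow", [], []   # Deny,Allow is the default Order
    for line in directives:
        words = line.split()
        keyword = words[0].lower()
        if keyword == "order":
            order = "".join(words[1:]).lower()
        elif (keyword in ("allow", "deny") and len(words) > 2
              and words[1].lower() == "from"):
            (allow if keyword == "allow" else deny).extend(words[2:])
    allowed = any(matches(spec, client_ip) for spec in allow)
    denied = any(matches(spec, client_ip) for spec in deny)
    if order == "allow,deny":
        return allowed and not denied
    if order == "deny,allow":
        return allowed or not denied
    raise ValueError("unsupported Order: " + order)

# Directive sets taken from the posts above.
ORIGINAL = ["Order allow,deny", "Allow from all"]
DENY_ALL = ["Order Deny,Allow", "Deny from all"]
LOCAL_ONLY = DENY_ALL + ["Allow from 127.0.0.1"]
```

With `LOCAL_ONLY`, 127.0.0.1 matches both Deny and Allow and is admitted because Allow is evaluated last, while every other address matches only Deny.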

James-
03-29-2006, 11:44 PM
Yup yup it worked! XD thank you!