Apache
From Luke Jackson
Revision as of 03:15, 15 August 2007 (edit) Ljackson (Talk | contribs) (→FAQs) ← Previous diff |
Current revision (02:53, 12 October 2020) (edit) Ljackson (Talk | contribs) (→Directory index forbidden by Options directive: /www/<Virtual-Host-Path-HERE>/htdocs/) |
||
Line 5: | Line 5: | ||
The following configuration will configure Apache to automatically redirect HTTP requests to HTTPS, i.e. http://www.website.com to https://www.website.com. | The following configuration will configure Apache to automatically redirect HTTP requests to HTTPS, i.e. http://www.website.com to https://www.website.com. | ||
- | httpd.conf: | + | '''httpd.conf''': |
RewriteEngine On | RewriteEngine On | ||
Line 11: | Line 11: | ||
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R] | RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R] | ||
- | .htaccess: | + | '''.htaccess''': |
RewriteEngine On | RewriteEngine On | ||
Line 17: | Line 17: | ||
RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [L,R] | RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [L,R] | ||
- | Remember, if you put this rule in the main server configuration file (usually httpd.conf) rather than an .htaccess file, you'll need to use '''^/''' instead of '''^''' at the beginning of the RewriteRule line. Because of this there are two code snippets above, one for httpd.conf and one for .htaccces. | + | Remember, if you put this rule in the main server configuration file (usually httpd.conf) rather than an .htaccess file, you'll need to use '''"^/"''' instead of '''"^"''' at the beginning of the RewriteRule line. Because of this there are two code snippets above, one for httpd.conf and one for .htaccces. |
=== How do I change the length of the URLs generated by mod_autoindex? === | === How do I change the length of the URLs generated by mod_autoindex? === | ||
Line 60: | Line 60: | ||
* Create an empty file in the affected directory. | * Create an empty file in the affected directory. | ||
touch index.htm | touch index.htm | ||
+ | |||
+ | === Directory index forbidden by Options directive: /www/<Virtual-Host-Path-HERE>/htdocs/ === | ||
+ | |||
+ | Previously the Apache server was configured to list files present in the root folder of any Virtual Host if a .htaccess file with the correct Options permissions was present. | ||
+ | |||
+ | Options FollowSymLinks ExecCGI Indexes | ||
+ | |||
+ | Presumably after an upgrade via yum at some point the addition of the following was added to the conf.d folder | ||
+ | |||
+ | -rw-r--r-- 1 root root 299 Oct 11 22:33 welcome.conf | ||
+ | |||
+ | <pre> | ||
+ | # This configuration file enables the default "Welcome" | ||
+ | # page if there is no default index page present for | ||
+ | # the root URL. To disable the Welcome page, comment | ||
+ | # out all the lines below. | ||
+ | # | ||
+ | <LocationMatch "^/+$"> | ||
+ | Options -Indexes | ||
+ | ErrorDocument 403 /error/noindex.html | ||
+ | </LocationMatch> | ||
+ | </pre> | ||
+ | |||
+ | This triggered the 403 redirect of any requests to the root folder of the Virtual Host and also restricted "Directory Indexing" via the Options attribute. This was not at all intuitive as the error codes present in the http error logs simply indicated that Directory Indexing was restricted by an Options attribute but it did NOT indicate where that instruction was being issued. | ||
+ | |||
+ | After too much time coincidentally I read the right side of the 403 error page below: | ||
+ | |||
+ | <pre> | ||
+ | If you are the website administrator: | ||
+ | You may now add content to the directory /var/www/html/. Note that until you do so, people visiting your website will see this page, and not your content. To prevent this page from ever being used, follow the instructions in the file /etc/httpd/conf.d/welcome.conf. | ||
+ | </pre> | ||
+ | |||
+ | This is the Options attribute which was overriding the .htaccess file as it was being applied after the redirect request which was trigged by no index file existing in the Virtual-Host root folder which matched the criteria specified in httpd.conf | ||
+ | |||
+ | DirectoryIndex index.htm index.php | ||
+ | |||
+ | After commenting out the welcome.conf <LocationMatch> all sites demonstrated expected behavior of .htaccess and their respective Options attributes. | ||
+ | |||
+ | === Invalid command 'Order', perhaps misspelled or defined by a module not included in the server configuration === | ||
+ | |||
+ | mod_access has changed to authz_host_module. Please load the following module to httpd.conf: | ||
+ | |||
+ | LoadModule authz_host_module modules/mod_authz_host.so | ||
+ | |||
+ | === Invalid command 'AuthGroupFile', perhaps misspelled or defined by a module not included in the server configuration === | ||
+ | |||
+ | LoadModule authz_groupfile_module modules/mod_authz_groupfile.so | ||
+ | |||
+ | === configuration error: couldn't check access. No groups file?: / === | ||
+ | |||
+ | LoadModule authz_user_module modules/mod_authz_user.so | ||
+ | |||
+ | === Enforce password authentication unless accessing from local network === | ||
+ | |||
+ | Add the following lines to your .htaccess file: | ||
+ | |||
+ | <pre> | ||
+ | AuthUserFile /www/server.com/stuff/htdocs/.htpasswd | ||
+ | AuthGroupFile /dev/null | ||
+ | AuthName "Secrets :)" | ||
+ | AuthType Basic | ||
+ | |||
+ | require valid-user | ||
+ | Allow from 192.168.85.0/24 | ||
+ | Satisfy Any | ||
+ | |||
+ | Options FollowSymLinks ExecCGI Indexes | ||
+ | </pre> | ||
[[Category:Linux]] | [[Category:Linux]] | ||
[[Category:Mac OS X]] | [[Category:Mac OS X]] |
Current revision
FAQs
How to redirect HTTP to HTTPS using mod_rewrite.
The following configuration will configure Apache to automatically redirect HTTP requests to HTTPS, i.e. http://www.website.com to https://www.website.com.
httpd.conf:
RewriteEngine On RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R]
.htaccess:
RewriteEngine On RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [L,R]
Remember, if you put this rule in the main server configuration file (usually httpd.conf) rather than an .htaccess file, you'll need to use "^/" instead of "^" at the beginning of the RewriteRule line. Because of this there are two code snippets above, one for httpd.conf and one for .htaccces.
How do I change the length of the URLs generated by mod_autoindex?
The NameWidth keyword allows you to specify the width of the filename column in bytes.
- -NameWidth (or unset) allows mod_autoindex to calculate the best width.
- NameWidth=n fixes the column width to n bytes wide.
- NameWidth=* grows the column to the necessary width.
Below is an example on how to edit your httpd.conf file to enable unlimited characters:
# IndexOptions: Controls the appearance of server-generated directory # listings. # IndexOptions FancyIndexing VersionSort NameWidth=*
(13)Permission denied: /www/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
This can range in exact location but at the core it is a permissions issue.
- While child directories of the DocumentRoot can have a permission value of 744 the DocumentRoot needs to have a permission of 755.
- Ensure all .htaccess files have a permission of 755
chmod -R 755 <dir_or_file(s)>
Access forbidden! You don't have access to the requested directory...
There is either no index document or the directory is read-protected.
Allow Directory Listing
- Create .htaccess file in the affected directory and copy the text below into the file.
Options FollowSymLinks ExecCGI Indexes
Create DirectoryIndex File
- Determine Allowable DirectoryIndex extensions from the DirectoryIndex line in your httpd.conf file.
- Create an empty file in the affected directory.
touch index.htm
Directory index forbidden by Options directive: /www/<Virtual-Host-Path-HERE>/htdocs/
Previously the Apache server was configured to list files present in the root folder of any Virtual Host if a .htaccess file with the correct Options permissions was present.
Options FollowSymLinks ExecCGI Indexes
Presumably after an upgrade via yum at some point the addition of the following was added to the conf.d folder
-rw-r--r-- 1 root root 299 Oct 11 22:33 welcome.conf
# This configuration file enables the default "Welcome" # page if there is no default index page present for # the root URL. To disable the Welcome page, comment # out all the lines below. # <LocationMatch "^/+$"> Options -Indexes ErrorDocument 403 /error/noindex.html </LocationMatch>
This triggered the 403 redirect of any requests to the root folder of the Virtual Host and also restricted "Directory Indexing" via the Options attribute. This was not at all intuitive as the error codes present in the http error logs simply indicated that Directory Indexing was restricted by an Options attribute but it did NOT indicate where that instruction was being issued.
After too much time coincidentally I read the right side of the 403 error page below:
If you are the website administrator: You may now add content to the directory /var/www/html/. Note that until you do so, people visiting your website will see this page, and not your content. To prevent this page from ever being used, follow the instructions in the file /etc/httpd/conf.d/welcome.conf.
This is the Options attribute which was overriding the .htaccess file as it was being applied after the redirect request which was trigged by no index file existing in the Virtual-Host root folder which matched the criteria specified in httpd.conf
DirectoryIndex index.htm index.php
After commenting out the welcome.conf <LocationMatch> all sites demonstrated expected behavior of .htaccess and their respective Options attributes.
Invalid command 'Order', perhaps misspelled or defined by a module not included in the server configuration
mod_access has changed to authz_host_module. Please load the following module to httpd.conf:
LoadModule authz_host_module modules/mod_authz_host.so
Invalid command 'AuthGroupFile', perhaps misspelled or defined by a module not included in the server configuration
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
configuration error: couldn't check access. No groups file?: /
LoadModule authz_user_module modules/mod_authz_user.so
Enforce password authentication unless accessing from local network
Add the following lines to your .htaccess file:
AuthUserFile /www/server.com/stuff/htdocs/.htpasswd AuthGroupFile /dev/null AuthName "Secrets :)" AuthType Basic require valid-user Allow from 192.168.85.0/24 Satisfy Any Options FollowSymLinks ExecCGI Indexes