Apache 2.4 restrict access

apache-2.4

I got the following directories in my /var/www/htdocs:

test123/
test123/cache/
test456/
test456/cache/
test789/
test789/cache/
another_directory/cache/

I would like to achieve this:

access to / for everyone
access to /test123/test.htm + /test456/test.htm + /test789/test.htm for the ip-address 192.168.1.10
no access to all cache-directorys

So I got the following apache 2.4 configuration, but it is not working as expected, because I am still able to access the cache-directories test123/cache, test456/cache and test789/cache.

<VirtualHost *:80>
        DocumentRoot /var/www/htdocs

        <Directory "/var/www/htdocs">
                Options -Indexes +FollowSymLinks
                AllowOverride None
        </Directory>

        <Directory  ~ "/var/www/htdocs/test(123|456|789)">
                Require ip 192.168.1.10
        </Directory>

        <Directory  "/var/www/htdocs/*/cache">
                Require all denied
        </Directory>
</VirtualHost>

What am I doing wrong? Thanks for your help! 🙂

Best Answer

Quotes from the documentation:

<Directory> [...] is processed in the order shortest directory component to longest. For example, <Directory "/var/web/dir"> will be processed before <Directory "/var/web/dir/subdir">.

If multiple <Directory> sections apply to the same directory they are processed in the configuration file order.

This makes your case a little difficult.

From the second statement I'd interpret that it should only be necessary to switch the order of the two <Directory> directives:

<Directory  "/var/www/htdocs/*/cache">
        Require all denied
</Directory>

<Directory  ~ "/var/www/htdocs/test(123|456|789)">
        Require ip 192.168.1.10
</Directory>

If the first matches, it gets denied. Otherwise the second directive should match.

The first statement, however states that the shortest directory is processed first. The shortest here would be the <Directory ~ "/var/www/htdocs/test(123|456|789)">. In that case the order doesn't matter and you will have to look for another solution.

I can't test it right now, so just try to switch the two statements.

Related Solutions

Have two (or more) Apache VirtualHosts separated by subdirectories

VirtualHost is used when you want to have a separate domain name for each site. When apache chooses which virtualhost to use, it looks at the domain name part of the URL. So when that part is the same, it means you cannot split it up using VirtualHosts.

You have two choices:

Use separate hostnames, e.g. drupal.example.com and wordpress.example.com instead of example.com/drupal and example.com/wordpress
Use another way to separate the two sites.

In the former case, you would keep your VirtualHost configs but you would change the ServerName in each.

In the latter case, you would remove the VirtualHost configuration and instead do something like

    Alias /drupal /l/disk0/drupal/public_html
    <Directory /l/disk0/drupal/public_html>
            Options MultiViews Indexes Includes FollowSymLinks ExecCGI
            AllowOverride All
            Require all granted
            allow from all
    </Directory>

    Alias /wordpress /l/disk0/wordpress/public_html
    <Directory /l/disk0/wordpress/public_html>
            Options MultiViews Indexes Includes FollowSymLinks ExecCGI
            AllowOverride All
            Require all granted
            allow from all
    </Directory>

NginX reverse proxy with iRedMail Apache2

Your problem is here:

location ~ \.php$ {
        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:8080/;
}

You cannot use proxy_pass in a location that is not static. You should do it the other way around. Make a list of things that shall be loaded locally by nginx and then pass the location / using proxy_pass back to Apache.

Best Answer

Related Solutions

Have two (or more) Apache VirtualHosts separated by subdirectories

NginX reverse proxy with iRedMail Apache2

Related Topic