Ubuntu Servers :: Htaccess Won't Secure A Directory
Nov 22, 2010
I installed AWSTATS on my LAMP 10.04 LTS and followed several tutorials URL...) but I can't secure the folder, either by an alias or by .htaccess. I tried both methods manually and by using Webmin.If you go to the URL www.mywebsite/awstats/awstats.pl it shows up, which is good, but this is the default installation site and anyone who knows awstats could possibly see my stats. The conf folder is /etc/awstats/, and I did an alias for that, then .htacess, but neither worked. With the .htaccess, I would get a password promt but the full stats page was visible behind the password promt, and if you clicked "Cancel" about 20 times or so the promt would go away and the full stats page would be visible.
The actual file that powers awstats is in /usr/share/lib/cgi-bin/awstats.pl, and I also tried an Alias and .htaccess seperately and neither worked.I restarted apache2 after each change and I've searched several forums, but I still can't figure this out.
View 2 Replies
ADVERTISEMENT
Mar 14, 2010
I've setup Kerberos and OpenLDAP servers (9.10) similar to the official documentation (and other sites that fill in the "gaps"). However, when you start to get in to some of the details, there seem to be many options - and I guess I'm looking for what could be the defacto standard. I'd like to allow Ubuntu clients to have a sso capability, with the ability for local caching of passwords if not connected to the network (such as a laptop user away from the office, prior to a VPN). I'd like to automount a secure NFS share somewhere in the /home directory. If the user logs in to a computer they've not logged in to before (if they're authorized), it would be nice if a skeleton /home directory could be setup there automatically I'm guessing that it is not desirable to use a shared /home NFS - as if you're off the network this would be problematic - as well as multiple computers sharing the same /home. There are some benefits to a shared /home (SSH certs, etc.), so maybe there is a hybrid approach out there.
I've read that it's not necessarily good practice to have OpenLDAP to do the authentication (leave this to Kerberos), but it's fine for authorization (such as ACLs for logins to certain computers). It's also good practice to use TLS with OpenLDAP (which requires public certs on all the clients) and to not allow anonymous read to the directory. I would guess that a computer host keytab could be refreshed to bind to the OpenLDAP server via GSSAPI / SASL to allow a non-anonymous read, and then determine if, say, the user was a member of a group allowed to log in. Kerberos would then pick up and authenticate the user and then proceed to the login. Off the network here, I'm not sure. I found this document, but it's self declared missing items: [URL]
I'll stop the rambling, but I cannot be the only one who would like to setup a relatively standard and secure server based network authentication and authorization back-end. Is there any _complete_ documentation on the best practices and how to implement?
View 4 Replies
View Related
Jun 15, 2011
I am using Apache with Kerberos security enabled. The http page simply lists the directories contained in /var/www/html. I want to make only one of the directories in the document root secured so that when someone clicks on it, it requires him/her to enter credentials. Right now when I place the .htaccess file in the directory I want to protect, the directory is hidden from the list and the user has to enter the whole path to get authenticated and access the files.
I've tried Options +Indexes which was posted all over the net, but it didn't work.
View 3 Replies
View Related
Aug 17, 2010
the questions is how to get per directory config working for lighttpd? so far from googling i've seen people trying to use conditionals to match certain rules for a vhost , but i don't think that messing around with the main config file for each directory/vhost/whatever is such a good idea.
More importantly , i'm looking for a standardized method to achieve this which would work by simple putting an htaccess-like file into a directory and do the magic. i'm not interested in maintaining apache htaccess syntax , only to get the per directory config to work regardless of the syntax used.
View 3 Replies
View Related
Sep 1, 2011
I am changing domain name for web, web is staying on same IP / ServerI want www.OLD.com to redirect (change address name in browser) to at the moment both point to same IP..am not sure why but this .htaccess is not working.
Code:
#Options +FollowSymLinks
RewriteEngine on
[code]....
View 1 Replies
View Related
Feb 9, 2010
I'm a newb when it comes to linux operating systems so I'm attempting to get better through experience. I work for a web development company and we use Ubuntu for our operating systems (the programmers at least). Anyways, I'm trying to install LAMP services and get them working. I have all L.A.M.P. services installed... but Apache2 is giving me a problem. I have an .htaccess file installed in a directory under my document root. But Apache2 is not interpreting it. I have AllowOverride All on but I can't figure it out. I did make a bogus .htaccess file attempting to make apache give me a error, nothing.
View 2 Replies
View Related
Jan 27, 2011
I am running into a very strange problem where my my .htaccess file keep getting deleted.Attempted scenarios ftp upload file.txt rename to .htaccess ftp upload .htaccess ssh - wget url/.htaccess ssh - wget url/htaccess.txt, rename to .htaccess
[Code]...
View 7 Replies
View Related
Mar 10, 2010
I looked at my apache2 logs. Code:[Wed Mar 10 01:56:34 2010] [crit] [client 192.168.1.100] (13)Permission denied: /home/user/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable the server is located at /etc/apache2 the default place.
View 1 Replies
View Related
Apr 6, 2010
I have followed the tutorial from this site [URL]. I have changed this file /etc/apache2/sites-available/default and in this file I have changed AllowOverride None to AllowOverride All but still I get:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator, webmaster@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log. I have installed and reinstalled apache 2 time already.
View 8 Replies
View Related
Apr 29, 2010
I am not sure what happened, but my .htaccess file is no longer working for my 301 redirects. I did have a hard time getting it working a few weeks back (when I first set it up), unfortunately I did not document it well. Main question is for multiple sites getting redirected, do I want the additional sites listed as aliases? My original setup virtual host config listed seven additional hostnames as aliases.
I later had difficulty with google listing these secondary domains within search result and hurting my page rank. So I setup 301 redirects, and from memory, I had to leave the alias names for the .htacces 301 redirect to work. Now it won't work either way. Can anyone tell me if the aliases need to be in place? Do I need to setup individual vhost files and add an .htacces 301 for each? What is the preferred way to do this? I tried reloading apache2 but it did not help.
Permissions for .htacces:
Code:
-rwxr-xr-x 1 eric www-data 866 2010-04-14 12:06 .htaccess
Attaced is my .htaccess. It resides in the site root directory. Also attached is the virtual host config file.
httpd.conf
Code:
NameVirtualHost *
NameVirtualHost *:443
AddHandler cgi-script .pl
RewriteEngine On
I'm still not sure after hours of reading the various how-to's, what should the file permissions be for the .htaccess. I have not performed any updates during the period it was working till now.
View 2 Replies
View Related
Jul 12, 2010
I have an existing blog that I migrated to ubuntu server recently. The site was running fine until I transfered it over to ubuntu. I get a 404 error whenever I view pages that is not my index. I believe it has to do with my .htaccess file.
I have enclosed the .htaccess and my default file taken from sites-enabled.
.htaccess
Code:
#####################
#PREVENT viewing of .htaccess file
<Files .htaccess>
order allow,deny
[Code].....
View 9 Replies
View Related
Aug 10, 2010
How can I redirect my URL after a site move.I have phpBB forum software installed on a 10.04 server, and I recently moved the forums from mysite.com/forums/ to mysite.com/.
So, a thread that looked like
mysite.com/forums/viewtopic=...
now looks like
[code]...
View 2 Replies
View Related
Sep 29, 2010
We are trying to migrate from a centos server to ubuntu server, but we have some problems with an application called Topincs [url].
The installation is quite simple and I did it several time (but with ubuntu it's the first time).
Probably there are some parameters to set that I don't know, but even if the installation works fine and I can see the home page, the application doesn't work because RewriteRules aren't applied.
First I tried to ensure that mod_rewrite works fine and I found a weird situation: rewriterules work if they are in .htaccess but don't work if they are directly in http.conf.
View 4 Replies
View Related
Dec 16, 2010
Is anyone here fluent with the usage of the .htaccess file? Is it the way to go to deter search bots or is there a better method? Never mind. I already have a thread about .htaccess here.
View 1 Replies
View Related
Jul 22, 2010
After reading this pdf on top 5 things to log for security, ive decided to attempt this for my webserver. how i might setup some logging systems to do these tasks. Basic things i need to be able to do: Record things like password attempts on htaccess files, from what IP address, and how many attempts there were. Any useful links anyone can think of to get me started? Im a student programmer at university so any programming i should be able to cope fine.
View 2 Replies
View Related
Aug 27, 2009
I have a project in my web server (apache tomcat). I am using red hat. I have flashfiles directory in webapps/myproject/flashfiles. I can possibly access the files in the flashfiles directory as
http://localhot:8080/files/personal.swf
I have to secure the directory by accessing it only within the web application. Please, help me to secure the directory using web server or in red hat.
View 2 Replies
View Related
Dec 20, 2010
My better half spilled some coffee on her 8month old macbook and it decided not to work anymore. Apple says it will cost around $800 or more to fix, we wont be paying that, Ill be finding a logic board or service somewhere online now that our warranty is shot and going that route.But before I send the macbook off anywhere I need to pull some data off the HDD. I was able to plug the HDD into my Linux box(internally, I dont have an external enclosure). I was able to mount the drive and copy the directories I wanted to the HDD on my linuxbox.
But Im unable to to access the directory from the terminal or from the file browser, I get an access denied message. Because I know the username and password for the macbook is there a way I can use that to gain access to the directories?Google got me this far, but when I googled "access locked directory ubuntu" or any variation of that with the terms linux and osx thrown in there for good measure.
View 3 Replies
View Related
Sep 24, 2010
I created a website in my apache server. I just need to secure that when everyone try to access any folder on my root directory, it will show "Forbidden".
View 3 Replies
View Related
Feb 9, 2011
My company have an Active Directory to authenticate the user. Now we're implementing a web page in a linux webserver using PHP but one new request is to authenticate the user against AD. The problem is that we need to use SSL or another way to make secure the authentication. We don't know if using openldap and php can do this in a easy way.
View 2 Replies
View Related
Nov 2, 2010
I am running WHM and CPANEL on centos.I would like to upload a file to the root user directory. To be honest, my only experience uploading and downloading files with FTP has been with domain related accounts that were set up under WHM to be managed under CPANEL. This is quite simple, because all you do is set FileZilla or Dreamweaver up with the FTP address of the domain account and the username and password.How can I do something similar to FTP a file into the root or home directory?
View 1 Replies
View Related
May 30, 2011
I'm trying to setup an open-source project, I have a couple of developers on the team but nobody has experience with Apache. I would like to setup a simple home server for Bugzilla on Ubuntu 10.04, so my question is, is there a server that comes secure out-of-the-box so that simply adding files to /htdocs would suffice?
View 1 Replies
View Related
Apr 25, 2011
I had a problem with apache2 and getting .htaccess working. I have done some things and i believe its working the ErrorDocument command is anyway. I believe there may be some problems with the rewrites though.Im trying to take a urlhttp://localhost/showthread/123and make it display whats on http://localhost/index.php?showthread=123The rewrite rule is Quote:
Options +FollowSymLinks
RewriteEngine on
RewriteRule ^showthread/([^/.]+)/?$ index.php?showthread=$1 [L]
[code]....
View 8 Replies
View Related
Feb 23, 2010
I would like to set up a proxy server at home which i can use to access sites from work. I was thinking a web-page i log into and then a sort of use like a browser? like this for example, but where i can have a secure login
View 4 Replies
View Related
Jul 19, 2010
I am going to be away semi permanently and want to create a VPN that will allow me to act as if my laptop was connected to my home network.
All I want is for the drives to be accessible so I can use them for primary access as if they are in the laptop.
Questions:
1. Can I set up a Linux VPN that is secure using public WiFi (or however I connect to the net) when I am on the road?
2. I will be using a desktop (32 bit) as the server, what version of Linux would be best for this?
3. If my server is linux and the server drives are NTFS will they be accessible using a windows machine? (I will be double booting the laptop)
4. I would like to set up a pass-code that is stored on the laptop so that only that machine can get access.
This can be up to 255 characters and encrypted so it would be very hard to break. Even I would not know what it is. (I would store it on a pen drive and be able to recover it from there.)
One more. I might want to add separate users that only have access to their one drive, not the server drive. Is that OK?
View 5 Replies
View Related
Mar 8, 2010
I'm running Ubuntu Server 9.10 and I'm looking to setup an FTP server. I have SSH running beautifully and it's accessible from any computer whether it be inside the network or coming in from the internet (provided you have the administrator username and password ). I've tried Proftpd and vsftpd and have failed miserably so far. Which FTP server application do you think I should go with and how could I go about setting it up through my SSH connection?
My current setup is this:
- Ubuntu Server 9.10 with Fixed IP of 192.168.1.100
- 500GB Hard Drive
- SDA1 = 512MB ext2 /boot
- SDA2 = 2GB swap
- SDA3 = 20GB ext4 /
- SDA5 = 438GB ext4 /home
- One User (Username = administrator)
- Full SSH Capabilities
- IP Address to DNS provided by www.dyndns.org
- WRT120N Router with Remote Access and Port 22 Open
I basically want to set up a secure FTP server that anyone on the internal network can access as well as anyone from the internet (as long as they have a username and password). I want to setup a username and password for each user so that they all have read/write access to the same folder in my /home partition (I'll call it FTPSHARE).
View 9 Replies
View Related
Dec 13, 2010
I am trying to remove the ability to login with password so, I follow the procedures I have found to generate a key, copy it on the server and after editing the sshd_conf file to set PasswordAuthentication to no, after I restart ssh, I find my self locked out of it....
View 5 Replies
View Related
Dec 27, 2010
how to setup a secure and reliable server, i have three ubuntu 10.10 servers a Dell PowerEdge 850,1850 and 2850 which has a Dell PowerVault 220s attached to it.The Dell PE850 Server Consists of:
Intel Pentium D 3.0GHz
4 GB RAM
Eventually 2x250GB Sata Hard Drives
The Dell PE850 Server Consists of:
2xIntel Xeon Processors 3.4GHz
4 GB RAM
2x76GB SCSI Hard Drives RAID 1
The Dell PE850 Server Consists of:
2xIntel Dual Core Processors 2.8GHz
4 GB RAM
6x76GB SCSI Hard Drives RAID 5 (pretty sure)
Dell PowerVault 220s
I would like to setup a reliable webserver, mail server, DNS and Dynamic DNS, DHCP, SQL, FTP, Samba (with Roaming Profiles), PXE Boot Server.I know how to setup most of the server modules, i would just like to know the best way to do it tho. I also want to no how to setup the secuity of the system correctly, and setup and partition up my hard disks to allow for the best reliabilty, even when a server crashes.I would like to now how to set these servers up from start to finish in a sence.
View 1 Replies
View Related
Dec 29, 2010
I am going to set up a file server on Ubuntu. I have searched a while, but can't seem to find a guide to what I want. The requirements specifications are the following:File server: possible to upload, change and download files.Linux (Ubuntu) clients, Windows clients if possible.Access restriction to deny access to other than registered users.Only the user should be able to read the content of the files.Ideally root should not be able to see the individual files, but in worst case it is ok for root to see the files.Root should not be able to open the files.Point 1-3 is easy to find out how to set up. But I can't seem to find a way to deny root to view the files. The only solution I can think of is to encrypt files or a whole folder, but I don't know how to set it up.
The setup is for a home network, but the server used as a file server will have a web server as well. If someone manages to get access to the server I don't want them to be able to read the files.
View 5 Replies
View Related
Apr 3, 2011
On a windows system I installed xampp, and let web applications on the computer be acceseable via internet . On a forum I was firmly instructed that it was an unsecure pracsis.Now I saw on utube, that it is possible to install apache and php on ubuntu 10.04 lts desktop edition.
q1: What shall I install to get apache and php and sql databases?
q2: Is runnings web applications that are acceseable via internet on a ubuntu desktop edition with the above descripted software also unacceptable in terms of security, or is it a productive secure platform. I was told that productive platforms are ok to connect to the internet.
View 2 Replies
View Related
May 5, 2011
Know any documentation or software packages to do a open source "File Hosting" or also known as "one-click hosting" server.I want to create my own private secure site to easily have clients download sensitive files. If it could be setup to use SSL that would be great.
View 1 Replies
View Related
