subject:"\[us...@httpd\] still see .htaccess and .htpasswd trough virtual host"

[us...@httpd] still see .htaccess and .htpasswd trough virtual host

2010-07-08 Thread J. Bakshi

Hello list,

I have become little confused and hope to get some help. I have a suse
11.2 server running   Apache/2.2.10 (Linux/SUSE) with some virtual hosts. I 
already have the following in httpd.conf file

``
AccessFileName .htaccess

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
Files ~ ^\.ht
Order allow,deny
Deny from all
/Files
``

But still I can read the .htaccess and .htpasswd file through browser, when 
visit the virtual host. But if I add the above config at the virtual host 
itself, it works well. So the virtualhosts bypass the config already there in 
httpd.conf.  Do I need to write the code for each and every virtualhost then ? 
Not possible to define at any common point just once ?

Please let me know,
Thanks

-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] still see .htaccess and .htpasswd trough virtual host

2010-07-08 Thread Mark Watts

On Thu, 2010-07-08 at 13:40 +0530, J. Bakshi wrote:
 Hello list,
 
 I have become little confused and hope to get some help. I have a suse
 11.2 server running   Apache/2.2.10 (Linux/SUSE) with some virtual hosts. I 
 already have the following in httpd.conf file
 
 ``
 AccessFileName .htaccess
 
 #
 # The following lines prevent .htaccess and .htpasswd files from being
 # viewed by Web clients.
 #
 Files ~ ^\.ht
 Order allow,deny
 Deny from all
 /Files
 ``
 
 But still I can read the .htaccess and .htpasswd file through browser, when 
 visit the virtual host. But if I add the above config at the virtual host 
 itself, it works well. So the virtualhosts bypass the config already there in 
 httpd.conf.  Do I need to write the code for each and every virtualhost then 
 ? Not possible to define at any common point just once ?

Are you sure you're not seeing cached copies?


FilesMatch ^\.ht
Order allow,deny
Deny from all
/FilesMatch

This prevents you from opening (GET /.htaccess) those files.

If you want to prevent them from being seen in a directory listing, use
IndexIgnore

http://httpd.apache.org/docs/2.2/mod/mod_autoindex.html#indexignore

Mark.

-- 
Mark Watts BSc RHCE MBCS
Senior Systems Engineer, Managed Services Manpower
www.QinetiQ.com
QinetiQ - Delivering customer-focused solutions
GPG Key: http://www.linux-corner.info/mwatts.gpg


signature.asc
Description: This is a digitally signed message part

Re: [us...@httpd] still see .htaccess and .htpasswd trough virtual host

2010-07-08 Thread J. Bakshi

On Thu, 08 Jul 2010 09:20:36 +0100
Mark Watts m.wa...@eris.qinetiq.com wrote:

 On Thu, 2010-07-08 at 13:40 +0530, J. Bakshi wrote:
  Hello list,
  
  I have become little confused and hope to get some help. I have a
  suse 11.2 server running   Apache/2.2.10 (Linux/SUSE) with some
  virtual hosts. I already have the following in httpd.conf file
  
  ``
  AccessFileName .htaccess
  
  #
  # The following lines prevent .htaccess and .htpasswd files from
  being # viewed by Web clients.
  #
  Files ~ ^\.ht
  Order allow,deny
  Deny from all
  /Files
  ``
  
  But still I can read the .htaccess and .htpasswd file through
  browser, when visit the virtual host. But if I add the above config
  at the virtual host itself, it works well. So the virtualhosts
  bypass the config already there in httpd.conf.  Do I need to write
  the code for each and every virtualhost then ? Not possible to
  define at any common point just once ?
 
 Are you sure you're not seeing cached copies?
 
 
 FilesMatch ^\.ht
 Order allow,deny
 Deny from all
 /FilesMatch
 
 This prevents you from opening (GET /.htaccess) those files.

Hello Mark,

Thanks for your reply. I have just checked with another browser but same here. 
I can see the contents of .htpasswd as well as .htaccess
Even I have added the config you have mentioned above but no luck. I am very 
confused now.


-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] still see .htaccess and .htpasswd trough virtual host

2010-07-08 Thread Matus UHLAR - fantomas

Hello,

please configure your mailer to wrap lines below 80 characters per line.
72 to 75 is usually OK.

Thank you.

On 08.07.10 13:40, J. Bakshi wrote:
 I already have the following in httpd.conf file
 
 ``
 AccessFileName .htaccess
 #
 # The following lines prevent .htaccess and .htpasswd files from being
 # viewed by Web clients.
 #
 Files ~ ^\.ht
 Order allow,deny
 Deny from all
 /Files
 ``

 But still I can read the .htaccess and .htpasswd file through browser,
 when visit the virtual host. But if I add the above config at the virtual
 host itself, it works well. So the virtualhosts bypass the config already
 there in httpd.conf.  Do I need to write the code for each and every
 virtualhost then ? Not possible to define at any common point just once ?

is this in server config or in some virtualhost or directory section?
Is there any Files section of the host you are referring to?

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
One World. One Web. One Program. - Microsoft promotional advertisement
Ein Volk, ein Reich, ein Fuhrer! - Adolf Hitler

-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] still see .htaccess and .htpasswd trough virtual host

2010-07-08 Thread Mark Watts

 Hello Mark,
 
 Thanks for your reply. I have just checked with another browser but same 
 here. I can see the contents of .htpasswd as well as .htaccess
 Even I have added the config you have mentioned above but no luck. I am very 
 confused now.

Where in your configuration file(s) do you have these directives? (the
Files or FilesMatch block) ?

Mark.


-- 
Mark Watts BSc RHCE MBCS
Senior Systems Engineer, Managed Services Manpower
www.QinetiQ.com
QinetiQ - Delivering customer-focused solutions
GPG Key: http://www.linux-corner.info/mwatts.gpg


signature.asc
Description: This is a digitally signed message part

Re: [us...@httpd] still see .htaccess and .htpasswd trough virtual host

2010-07-08 Thread J. Bakshi

On Thu, 8 Jul 2010 10:57:23 +0200
Matus UHLAR - fantomas uh...@fantomas.sk wrote:

snip

 
 is this in server config or in some virtualhost or directory section?
 Is there any Files section of the host you are referring to?
 
/snip

Hello Mark and Matus,

Thanks for your responses, the Files section is at httpd.conf .I think it 
would be the best if I show you two files; httpd.conf and a vhost

## httpd.conf ###
--

# run under this user/group id
Include /etc/apache2/uid.conf

# - how many server processes to start (server pool regulation)
# - usage of KeepAlive
Include /etc/apache2/server-tuning.conf

# ErrorLog: The location of the error log file.
ErrorLog /var/log/apache2/error_log

# generated from APACHE_MODULES in /etc/sysconfig/apache2
Include /etc/apache2/sysconfig.d/loadmodule.conf

# IP addresses / ports to listen on
Include /etc/apache2/listen.conf

# predefined logging formats
Include /etc/apache2/mod_log_config.conf

# generated from global settings in /etc/sysconfig/apache2
Include /etc/apache2/sysconfig.d/global.conf

# optional mod_status, mod_info
Include /etc/apache2/mod_status.conf
Include /etc/apache2/mod_info.conf

# optional cookie-based user tracking
# read the documentation before using it!!
Include /etc/apache2/mod_usertrack.conf

# configuration of server-generated directory listings
Include /etc/apache2/mod_autoindex-defaults.conf

# associate MIME types with filename extensions
TypesConfig /etc/apache2/mime.types
DefaultType text/plain
Include /etc/apache2/mod_mime-defaults.conf

# set up (customizable) error responses
Include /etc/apache2/errors.conf

# global (server-wide) SSL configuration, that is not specific to
# any virtual host
Include /etc/apache2/ssl-global.conf

# forbid access to the entire filesystem by default
Directory /
Options None
AllowOverride None
Order deny,allow
Deny from all
/Directory

AccessFileName .htaccess

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
Files ~ ^\.ht
Order allow,deny
Deny from all
/Files

### Virtual server configuration 
Include /etc/apache2/vhosts.d/*.conf
`

And now here is one vhsost

```
VirtualHost  example.com:80
ServerName http://www.example.com
ServerAlias http://example.com
ServerAdmin y...@example.com

#don't loose time with IP address lookups
HostnameLookups Off

# needed for named virtual hosts
#UseCanonicalName Off

DocumentRoot /srv/www/htdocs/example.com

DirectoryIndex index.php

ScriptAlias /cgi-bin/ /srv/www/cgi-bin/

Directory /srv/www/htdocs/example.com/

Options +FollowSymLinks -Indexes

# .htaccess slows down apache; only use it when required #
AllowOverride All
Order allow,deny
Allow from all

### Begin: Rewrite stuff ###
IfModule mod_rewrite.c

# Enable URL rewriting
 RewriteEngine On
 RewriteBase /

# If the file/symlink/directory does not exist =
Redirect to index.php # Important note: If you
copy/paste this into httpd.conf instead # of .htaccess
you will need to add '%{DOCUMENT_ROOT}' left to each #
'%{REQUEST_FILENAME}' part. RewriteCond
%{REQUEST_FILENAME} !-f RewriteCond
%{REQUEST_FILENAME} !-d RewriteCond
%{REQUEST_FILENAME} !-l

RewriteRule .* index.php [L]

### End: Rewrite stuff ###
/IfModule
/Directory


ScriptAlias /awstats  /usr/local/awstats/wwwroot/cgi-bin/awstats.pl
Location /awstats
AuthType Basic
AuthName awstats requires a password
AuthUserFile /srv/www/htdocs/example.com/.htpasswd
Require valid-user
/Location
/VirtualHost
`

If I visit example.com;  I can see the contents of both .htaccess and .htpasswd 
:-(


-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Re: [us...@httpd] still see .htaccess and .htpasswd trough virtual host

2010-07-08 Thread J. Bakshi


any clue please ?

On Thu, 8 Jul 2010 16:38:04 +0530
J. Bakshi joyd...@infoservices.in wrote:

 On Thu, 8 Jul 2010 10:57:23 +0200
 Matus UHLAR - fantomas uh...@fantomas.sk wrote:
 
 snip
 
  
  is this in server config or in some virtualhost or directory section?
  Is there any Files section of the host you are referring to?
  
 /snip
 
 Hello Mark and Matus,
 
 Thanks for your responses, the Files section is at httpd.conf .I think it
 would be the best if I show you two files; httpd.conf and a vhost
 
 ## httpd.conf ###
 --
 
 # run under this user/group id
 Include /etc/apache2/uid.conf
 
 # - how many server processes to start (server pool regulation)
 # - usage of KeepAlive
 Include /etc/apache2/server-tuning.conf
 
 # ErrorLog: The location of the error log file.
 ErrorLog /var/log/apache2/error_log
 
 # generated from APACHE_MODULES in /etc/sysconfig/apache2
 Include /etc/apache2/sysconfig.d/loadmodule.conf
 
 # IP addresses / ports to listen on
 Include /etc/apache2/listen.conf
 
 # predefined logging formats
 Include /etc/apache2/mod_log_config.conf
 
 # generated from global settings in /etc/sysconfig/apache2
 Include /etc/apache2/sysconfig.d/global.conf
 
 # optional mod_status, mod_info
 Include /etc/apache2/mod_status.conf
 Include /etc/apache2/mod_info.conf
 
 # optional cookie-based user tracking
 # read the documentation before using it!!
 Include /etc/apache2/mod_usertrack.conf
 
 # configuration of server-generated directory listings
 Include /etc/apache2/mod_autoindex-defaults.conf
 
 # associate MIME types with filename extensions
 TypesConfig /etc/apache2/mime.types
 DefaultType text/plain
 Include /etc/apache2/mod_mime-defaults.conf
 
 # set up (customizable) error responses
 Include /etc/apache2/errors.conf
 
 # global (server-wide) SSL configuration, that is not specific to
 # any virtual host
 Include /etc/apache2/ssl-global.conf
 
 # forbid access to the entire filesystem by default
 Directory /
 Options None
 AllowOverride None
 Order deny,allow
 Deny from all
 /Directory
 
 AccessFileName .htaccess
 
 #
 # The following lines prevent .htaccess and .htpasswd files from being
 # viewed by Web clients.
 #
 Files ~ ^\.ht
 Order allow,deny
 Deny from all
 /Files
 
 ### Virtual server configuration 
 Include /etc/apache2/vhosts.d/*.conf
 `
 
 And now here is one vhsost
 
 ```
 VirtualHost  example.com:80
 ServerName http://www.example.com
 ServerAlias http://example.com
 ServerAdmin y...@example.com
 
 #don't loose time with IP address lookups
 HostnameLookups Off
 
 # needed for named virtual hosts
 #UseCanonicalName Off
 
 DocumentRoot /srv/www/htdocs/example.com
 
 DirectoryIndex index.php
 
 ScriptAlias /cgi-bin/ /srv/www/cgi-bin/
 
 Directory /srv/www/htdocs/example.com/
 
 Options +FollowSymLinks -Indexes
 
 # .htaccess slows down apache; only use it when required #
 AllowOverride All
 Order allow,deny
 Allow from all
 
 ### Begin: Rewrite stuff ###
 IfModule mod_rewrite.c
 
 # Enable URL rewriting
  RewriteEngine On
  RewriteBase /
 
 # If the file/symlink/directory does not exist =
 Redirect to index.php # Important note: If you
 copy/paste this into httpd.conf instead # of .htaccess
 you will need to add '%{DOCUMENT_ROOT}' left to each #
 '%{REQUEST_FILENAME}' part. RewriteCond
 %{REQUEST_FILENAME} !-f RewriteCond
 %{REQUEST_FILENAME} !-d RewriteCond
 %{REQUEST_FILENAME} !-l
 
 RewriteRule .* index.php [L]
 
 ### End: Rewrite stuff ###
 /IfModule
 /Directory
 
 
 ScriptAlias /awstats  /usr/local/awstats/wwwroot/cgi-bin/awstats.pl
 Location /awstats
 AuthType Basic
 AuthName awstats requires a password
 AuthUserFile /srv/www/htdocs/example.com/.htpasswd
 Require valid-user
 /Location
 /VirtualHost
 `
 
 If I visit example.com;  I can see the contents of both .htaccess
 and .htpasswd :-(
 
 
 -
 The official User-To-User support forum of the Apache HTTP Server Project.
 See URL:http://httpd.apache.org/userslist.html for more info.
 To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   from the digest: users-digest-unsubscr...@httpd.apache.org
 For additional commands, e-mail: users-h...@httpd.apache.org
 

-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  from the digest:

[us...@httpd] still see .htaccess and .htpasswd trough virtual host

Re: [us...@httpd] still see .htaccess and .htpasswd trough virtual host

Re: [us...@httpd] still see .htaccess and .htpasswd trough virtual host

Re: [us...@httpd] still see .htaccess and .htpasswd trough virtual host

Re: [us...@httpd] still see .htaccess and .htpasswd trough virtual host

Re: [us...@httpd] still see .htaccess and .htpasswd trough virtual host

Re: [us...@httpd] still see .htaccess and .htpasswd trough virtual host

7 matches

Site Navigation

Mail list logo

Footer information