====== Configure Access Restrictions On Directories ======

**General Information**

Access restrictions on Apache Web Server/private directories.

----

====== Lab Setup ======

The following virtual machines will be used:
  * server1.example.com (192.168.1.150) -> Perform all connectivity tests from here
  * server2.example.com (192.168.1.151) -> Install Apache Web Server here

**Previous Sections Completed**
  * [[linux_wiki:network_services_overview_apache_web_server|Install/Configure]]
    * Except leave listening on port 80/tcp
  * [[linux_wiki:configure_a_virtual_host|Virtual Host Config]]

----

====== Prerequisite: Basic Setup ======

Create the redsite virtualhost.

\\
server2: Add redsite to vhosts.conf
<code bash>
vim /etc/httpd/conf.d/vhosts.conf

<VirtualHost *:80>
    ServerName redsite.example.com
    DocumentRoot /data/redsite
    ErrorLog logs/redsite-error_log
    CustomLog logs/redsite-access_log combined

    <Directory "/data/redsite">
        Options None
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
</code>

\\
Check syntax
<code bash>
apachectl configtest
</code>

\\
Apply Config
<code bash>
apachectl restart
</code>

\\
server1: Update host name resolution
<code bash>
vim /etc/hosts

192.168.1.151 server2 bluesite.example.com redsite.example.com
</code>

----

====== Restrict Access to a Directory ======

===== Setup Directory and SELinux =====

Create the directory structure
<code bash>
mkdir -p /data/redsite/private
</code>

\\
Create an index file
<code bash>
echo '<html><body>This is the <font color=red>RED SITE</font>.</body></html>' > /data/redsite/index.html
</code>

\\
Create a private index file
<code bash>
echo "This is for certain people to view only." > /data/redsite/private/index.html
</code>

\\
SELinux: Check normal httpd content contexts vs new directory
<code bash>
ls -lZ /var/www
ls -lZ /data/redsite
</code>
  * You will see that /var/www/html has "httpd_sys_content_t" and /data/redsite/index.html does not. This will need to be changed.

\\
SELinux: Give new directory the correct SELinux httpd context
<code bash>
semanage fcontext -at httpd_sys_content_t "/data/redsite(/.*)?"
restorecon -Rv /data/redsite/
</code>
  * Reminder: man semanage-fcontext (EXAMPLE at the bottom)

===== Restrict Access =====

**Help**: Available if you installed 'httpd-manual'
<code bash>
elinks /usr/share/httpd/manual/howto/auth.html
</code>

\\
Create password for the user
<code bash>
htpasswd -c /etc/httpd/conf/userdb user1
</code>
  * Prompted for a password

\\
Edit the vhosts.conf file and add this additional Directory part in the redsite virtualhost
<code bash>
vim /etc/httpd/conf.d/vhosts.conf

<VirtualHost *:80>
    ServerName redsite.example.com
    DocumentRoot /data/redsite
    #....SNIP....#

    <Directory "/data/redsite/private">
        AuthType Basic
        AuthName "Restricted Area"
        AuthUserFile "/etc/httpd/conf/userdb"
        Require valid-user
    </Directory>
</VirtualHost>
</code>

\\
Restart Apache
<code bash>
systemctl restart httpd
</code>

\\
Visit restricted directory
<code bash>
elinks http://redsite.example.com/private/
</code>
  * elinks may need to be installed first (yum install elinks)

----

Last modified: 2019/05/25 23:50 (external edit)
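An added check, not part of the original wiki page: the `htpasswd -c` command in the Restrict Access section was run without an algorithm flag, so it is worth confirming which hash scheme the entries in the AuthUserFile actually use. The function names and the ok/legacy/insecure ratings are this example's own, and the sample entries are constructed placeholders rather than real hashes.

```sh
#!/bin/sh
# Added example (not from the original wiki page): report the hash scheme of
# each entry in an htpasswd file such as /etc/httpd/conf/userdb.

# classify_hash HASH -> "<scheme> <rating>" (ratings are this example's own)
classify_hash() {
    case "$1" in
        '$2y$'*|'$2a$'*|'$2b$'*) echo "bcrypt ok" ;;
        '$5$'*|'$6$'*)           echo "sha-crypt ok" ;;
        '$apr1$'*)               echo "apr1-md5 legacy" ;;
        '{SHA}'*)                echo "sha1-unsalted insecure" ;;
        *)                       echo "crypt-or-plaintext insecure" ;;
    esac
}

# audit_htpasswd FILE -> one "user scheme rating" line per entry
audit_htpasswd() {
    while IFS=: read -r ah_user ah_hash ah_rest || [ -n "$ah_user" ]; do
        case "$ah_user" in ''|'#'*) continue ;; esac   # skip blank/comment lines
        echo "$ah_user $(classify_hash "$ah_hash")"
    done < "$1"
}

# flagged_users FILE -> space-separated users whose rating is not "ok"
flagged_users() {
    audit_htpasswd "$1" |
        awk '$3 != "ok" { printf "%s%s", sep, $1; sep = " " }'
}

# Constructed sample entries; the hash strings are placeholders, not real hashes.
sample_userdb() {
    cat <<'EOF'
user1:$apr1$CONSTRUCT$placeholderplaceholder
user2:$2y$05$constructedPlaceholderValueOnlyNotARealBcryptHashString
user3:{SHA}constructedPlaceholderValue=
EOF
}

# Demo run against the constructed sample.
demo_file=$(mktemp)
sample_userdb > "$demo_file"
audit_htpasswd "$demo_file"
echo "flagged: $(flagged_users "$demo_file")"
rm -f "$demo_file"
```

On server2, run `audit_htpasswd /etc/httpd/conf/userdb` as root; entries reported as legacy or insecure can be rewritten as bcrypt with `htpasswd -B /etc/httpd/conf/userdb user1`.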