General Information
Access restrictions on Apache Web Server/private directories.
The following virtual machines will be used:
Previous Sections Completed
Create the redsite virtualhost.
server2: Add redsite to vhosts.conf
vim /etc/httpd/conf.d/vhosts.conf
<VirtualHost *:80>
    ServerName redsite.example.com
    DocumentRoot /data/redsite
    ErrorLog logs/redsite-error_log
    CustomLog logs/redsite-access_log combined
    <Directory "/data/redsite">
        Options None
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
Check syntax
apachectl configtest
Apply Config
apachectl restart
server1: Update host name resolution
vim /etc/hosts
192.168.1.151 server2 bluesite.example.com redsite.example.com
Create the directory structure
mkdir -p /data/redsite/private
Create an index file
echo '<html><body>This is the <font color=red>RED SITE</font>.</body></html>' > /data/redsite/index.html
Create a private index file
echo "This is for certain people to view only." > /data/redsite/private/index.html
SELinux: Check normal httpd content contexts vs new directory
ls -lZ /var/www
ls -lZ /data/redsite
SELinux: Give new directory the correct SELinux httpd context
semanage fcontext -at httpd_sys_content_t "/data/redsite(/.*)?"
restorecon -Rv /data/redsite/
Help: Available if you installed 'httpd-manual'
elinks /usr/share/httpd/manual/howto/auth.html
Create the password file and set a password for the user (-c creates the file and overwrites an existing one)
htpasswd -c /etc/httpd/conf/userdb user1
Edit the vhosts.conf file and add this additional Directory block to the redsite virtual host
vim /etc/httpd/conf.d/vhosts.conf
<VirtualHost *:80>
    ServerName redsite.example.com
    DocumentRoot /data/redsite
    #....SNIP....#
    <Directory "/data/redsite/private">
        AuthType Basic
        AuthName "Restricted Area"
        AuthUserFile "/etc/httpd/conf/userdb"
        Require valid-user
    </Directory>
</VirtualHost>
Restart Apache
systemctl restart httpd
Visit restricted directory
elinks http://redsite.example.com/private/
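A scripted version of the final check, as an added example that is not part of the original page: it confirms that the public index stays open while /private/ answers 401 without valid credentials and 200 with them. The hostname, path and user come from the steps above; the function names are made up for this sketch, and curl is assumed to be installed on server1.

```shell
#!/usr/bin/env bash
# Added example: checks the Basic-auth restriction on /private/ from server1.
# Function names are hypothetical; hostname and paths are the ones used on this page.

# Print only the HTTP status code for a URL.
# Optional second argument: "user:password" for Basic authentication.
http_status() {
    local url=$1 creds=${2:-}
    if [ -n "$creds" ]; then
        curl -s -o /dev/null --max-time 5 -w '%{http_code}' -u "$creds" "$url"
    else
        curl -s -o /dev/null --max-time 5 -w '%{http_code}' "$url"
    fi
}

# Compare one observed status code with the expected one and report it.
expect_status() {
    local label=$1 want=$2 got=$3
    if [ "$got" = "$want" ]; then
        echo "PASS  $label (HTTP $got)"
    else
        echo "FAIL  $label (expected $want, got $got)"
        return 1
    fi
}

# verify_private_auth BASE_URL USER PASSWORD
# Returns 0 only if / is open and /private/ demands valid credentials.
verify_private_auth() {
    local base=$1 user=$2 pass=$3 failed=0
    expect_status "public index is readable" 200 "$(http_status "$base/")" || failed=1
    expect_status "private without credentials" 401 "$(http_status "$base/private/")" || failed=1
    # A password that is guaranteed to differ from the real one.
    expect_status "private with a wrong password" 401 \
        "$(http_status "$base/private/" "$user:not-${pass}-x")" || failed=1
    expect_status "private with the valid password" 200 \
        "$(http_status "$base/private/" "$user:$pass")" || failed=1
    return "$failed"
}

# Usage on server1 (prompting keeps the password out of shell history):
#   read -rsp 'Password for user1: ' pw; echo
#   verify_private_auth http://redsite.example.com user1 "$pw"
```

Because this virtual host listens on *:80, the Basic credentials cross the network only base64-encoded, so a status check passing here says nothing about confidentiality in transit.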