Differences
This shows you the differences between two versions of the page.
linux_wiki:configure_access_restrictions_on_directories [2018/05/06 23:37] billdozor [Restrict Access] |
linux_wiki:configure_access_restrictions_on_directories [2019/05/25 23:50] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Configure Access Restrictions On Directories ====== | ||
- | |||
- | **General Information** | ||
- | |||
- | Access restrictions on Apache Web Server/ | ||
- | |||
- | ---- | ||
- | |||
- | ====== Lab Setup ====== | ||
- | |||
- | The following virtual machines will be used: | ||
- | * server1.example.com (192.168.1.150) -> Perform all connectivity tests from here | ||
- | * server2.example.com (192.168.1.151) -> Install Apache Web Server here | ||
- | |||
- | **Previous Sections Completed** | ||
- | * [[linux_wiki: | ||
- | * Except leave listening on port 80/tcp | ||
- | * [[linux_wiki: | ||
- | |||
- | ---- | ||
- | |||
- | ====== Prerequisite: | ||
- | |||
- | Create the redsite virtualhost. | ||
- | |||
- | \\ | ||
- | server2: Add redsite to vhosts.conf< | ||
- | |||
- | < | ||
- | ServerName redsite.example.com | ||
- | DocumentRoot / | ||
- | ErrorLog logs/ | ||
- | CustomLog logs/ | ||
- | | ||
- | < | ||
- | Options None | ||
- | AllowOverride None | ||
- | Require all granted | ||
- | </ | ||
- | </ | ||
- | </ | ||
- | |||
- | \\ | ||
- | Check syntax | ||
- | <code bash> | ||
- | apachectl configtest | ||
- | </ | ||
- | |||
- | \\ | ||
- | Apply Config | ||
- | <code bash> | ||
- | apachectl restart | ||
- | </ | ||
- | |||
- | \\ | ||
- | server1: Update host name resolution | ||
- | <code bash> | ||
- | vim /etc/hosts | ||
- | |||
- | 192.168.1.151 server2 bluesite.example.com redsite.example.com | ||
- | </ | ||
- | |||
- | ---- | ||
- | |||
- | ====== Restrict Access to a Directory ====== | ||
- | |||
- | ===== Setup Directory and SELinux ===== | ||
- | |||
- | Create the directory structure | ||
- | <code bash> | ||
- | mkdir -p / | ||
- | </ | ||
- | |||
- | \\ | ||
- | Create an index file | ||
- | <code bash> | ||
- | echo '< | ||
- | </ | ||
- | |||
- | \\ | ||
- | Create a private index file | ||
- | <code bash> | ||
- | echo "This is for certain people to view only." > / | ||
- | </ | ||
- | |||
- | \\ | ||
- | SELinux: Check normal httpd content contexts vs new directory | ||
- | <code bash> | ||
- | ls -lZ /var/www | ||
- | |||
- | ls -lZ / | ||
- | </ | ||
- | * You will see that / | ||
- | |||
- | \\ | ||
- | SELinux: Give new directory the correct SELinux httpd context | ||
- | <code bash> | ||
- | semanage fcontext -at httpd_sys_content_t "/ | ||
- | restorecon -Rv / | ||
- | </ | ||
- | * Reminder: man semanage-fcontext | ||
- | |||
- | ===== Restrict Access ===== | ||
- | |||
- | **Help**: Available if you installed ' | ||
- | |||
- | \\ | ||
- | Create password for the user | ||
- | <code bash> | ||
- | htpasswd -c / | ||
- | </ | ||
- | * Prompted for a password | ||
- | |||
- | \\ | ||
- | Edit the vhosts.conf file and add this additional Directory part in the redsite virtualhost | ||
- | <code bash>vim / | ||
- | |||
- | < | ||
- | ServerName redsite.example.com | ||
- | DocumentRoot / | ||
- | # | ||
- | |||
- | < | ||
- | AuthType Basic | ||
- | AuthName " | ||
- | AuthUserFile "/ | ||
- | Require valid-user | ||
- | </ | ||
- | </ | ||
- | </ | ||
- | |||
- | \\ | ||
- | Restart Apache | ||
- | <code bash> | ||
- | systemctl restart httpd | ||
- | </ | ||
- | |||
- | \\ | ||
- | Visit restricted directory | ||
- | <code bash> | ||
- | elinks http:// | ||
- | </ | ||
- | * elinks may need to be installed first (yum install elinks) | ||
- | |||
- | ---- | ||
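Review bot: No edit summary, author or pointer to a new location accompanies the 2019/05/25 revision, which deletes the whole page from the title through the "Visit restricted directory" step. Record why it was removed, or link to wherever the content moved. If the text is restored or relocated, two points in the Restrict Access section need a caveat. First, `AuthType Basic` with `Require valid-user` is exercised over `http://` while the lab setup leaves Apache listening on port 80/tcp, so the password crosses the network base64-encoded and unencrypted. Second, `htpasswd -c` recreates the password file, so rerunning that step for a second user drops the first; say that `-c` is for the initial creation only.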