linux_wiki:configure_access_restrictions_on_directories

Differences

This shows you the differences between two versions of the page.

linux_wiki:configure_access_restrictions_on_directories [2018/05/06 23:37]
billdozor [Restrict Access]
linux_wiki:configure_access_restrictions_on_directories [2019/05/25 23:50]
Line 1: Line 1:
-====== Configure Access Restrictions On Directories ====== 
- 
-**General Information** 
- 
-Access restrictions on Apache Web Server/private directories. 
- 
----- 
- 
-====== Lab Setup ====== 
- 
-The following virtual machines will be used: 
-  * server1.example.com (192.168.1.150) -> Perform all connectivity tests from here 
-  * server2.example.com (192.168.1.151) -> Install Apache Web Server here 
- 
-**Previous Sections Completed** 
-  * [[linux_wiki:network_services_overview_apache_web_server|Install/Configure]] 
-    * Except leave listening on port 80/tcp 
-  * [[linux_wiki:configure_a_virtual_host|Virtual Host Config]] 
- 
----- 
- 
-====== Prerequisite: Basic Setup ====== 
- 
-Create the redsite virtualhost. 
- 
-\\ 
-server2: Add redsite to vhosts.conf<code bash>vim /etc/httpd/conf.d/vhosts.conf 
- 
-<VirtualHost *:80> 
-  ServerName redsite.example.com 
-  DocumentRoot /data/redsite 
-  ErrorLog logs/redsite-error_log 
-  CustomLog logs/redsite-access_log combined 
-   
-  <Directory "/data/redsite"> 
-    Options None 
-    AllowOverride None 
-    Require all granted 
-  </Directory> 
-</VirtualHost> 
-</code> 
- 
-\\ 
-Check syntax 
-<code bash> 
-apachectl configtest 
-</code> 
- 
-\\ 
-Apply Config 
-<code bash> 
-apachectl restart 
-</code> 
- 
-\\ 
-server1: Update host name resolution 
-<code bash> 
-vim /etc/hosts 
- 
-192.168.1.151 server2 bluesite.example.com redsite.example.com 
-</code> 
- 
----- 
- 
-====== Restrict Access to a Directory ====== 
- 
-===== Setup Directory and SELinux ===== 
- 
-Create the directory structure 
-<code bash> 
-mkdir -p /data/redsite/private 
-</code> 
- 
-\\ 
-Create an index file 
-<code bash> 
-echo '<html><body>This is the <font color=red>RED SITE</font>.</body></html>' > /data/redsite/index.html 
-</code> 
- 
-\\ 
-Create a private index file 
-<code bash> 
-echo "This is for certain people to view only." > /data/redsite/private/index.html 
-</code> 
- 
-\\ 
-SELinux: Check normal httpd content contexts vs new directory 
-<code bash> 
-ls -lZ /var/www 
- 
-ls -lZ /data/redsite 
-</code> 
-  * You will see that /var/www/html has "httpd_sys_content_t" and /data/redsite/index.html does not. This will need to be changed. 
- 
-\\ 
-SELinux: Give new directory the correct SELinux httpd context 
-<code bash> 
-semanage fcontext -at httpd_sys_content_t "/data/redsite(/.*)?" 
-restorecon -Rv /data/redsite/ 
-</code> 
-  * Reminder: man semanage-fcontext  (EXAMPLE at the bottom) 
- 
-===== Restrict Access ===== 
- 
-**Help**: Available if you installed 'httpd-manual'<code bash>elinks /usr/share/httpd/manual/mod/mod_auth_basic.html</code> 
- 
-\\ 
-Create password for the user 
-<code bash> 
-htpasswd -c /etc/httpd/conf/userdb user1 
-</code> 
-  * Prompted for a password 
- 
-\\ 
-Edit the vhosts.conf file and add this additional Directory part in the redsite virtualhost 
-<code bash>vim /etc/httpd/conf.d/vhosts.conf 
- 
-<VirtualHost *:80> 
-  ServerName redsite.example.com 
-  DocumentRoot /data/redsite 
-  #....SNIP....# 
- 
-  <Directory "/data/redsite/private"> 
-    AuthType Basic 
-    AuthName "Restricted Area" 
-    AuthUserFile "/etc/httpd/conf/userdb" 
-    Require valid-user 
-  </Directory> 
-</VirtualHost> 
-</code> 
- 
-\\ 
-Restart Apache 
-<code bash> 
-systemctl restart httpd 
-</code> 
- 
-\\ 
-Visit restricted directory 
-<code bash> 
-elinks http://redsite.example.com/private/ 
-</code> 
-  * elinks may need to be installed first (yum install elinks) 
- 
----- 
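Review bot: this revision deletes the page from its title line through the closing rule and adds nothing in its place, with only "(external edit)" as the change record, so anyone following a link to linux_wiki:configure_access_restrictions_on_directories now lands on an empty page; if the content moved, leave a pointer to the new location rather than a blank page. If the text is being republished elsewhere, two points in the removed Restrict Access section are worth fixing at the same time. First, the `<Directory "/data/redsite/private">` block sets `AuthType Basic` inside `<VirtualHost *:80>`, so the user1 password crosses the network base64-encoded, not encrypted, and the walkthrough should serve that vhost over TLS. Second, `htpasswd -c /etc/httpd/conf/userdb user1` recreates the file each time it runs, so the page should state that `-c` is only for the first user and must be dropped when adding more.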
  
  • linux_wiki/configure_access_restrictions_on_directories.txt
  • Last modified: 2019/05/25 23:50
  • (external edit)