LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 10-19-2010, 10:17 PM   #1
marquisor
Member
 
Registered: Sep 2010
Location: Germany
Distribution: Debian
Posts: 53

Rep: Reputation: 3
Question Advanced apache2 configuration - Folder display, allowed .php display


Hello Serverinos!

After configuring and running a web-server with apache2, PHP installation and MySQL setup + a MediaWiki installation etc. blah I now run into some problems/security questions.

1.) Block access/display to/of critical files

If I run a text-editor to edit a settings file .php, the editor (I use jed) always creates a backup named filename.php~
this backup is READABLE! by everybody who types that URL in their browser. that is f.e. the file localhost/mediawiki/LocalSettings.php~

Well I don't have to tell you, what plain stuff there could be read!

How can I get rid of this? Don't tell me the texteditor settings have to change. I mean access rights to those .php~ .html~ etc. files.

2.) Limit access in general

How can I set only very few valid entrypoints, and every other access is forbidden? I don't want ppl to go on f.e. localhost/mediawiki/maintenance/purge.php ... even if it does nothing, I don't want it! How to set?

3.) Display correct URL in browser?

The entry point is localhost/mediawiki/index.php. index.php is always shown, how can I turn this off? It looks noobish... No greater wiki site I know has this displayed. Even further URLs display the index.php, f.e. localhost/mediawiki/index.php/Coding

4.) How to setup SSL (https://) capability? If of any use?

Thx in advance!

Regards
marquisor
 
Old 10-20-2010, 12:47 AM   #2
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,909

Rep: Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326Reputation: 1326
Hi,

1. You can use:
Code:
<FilesMatch "\.php~>
Deny from all
</FilesMatch>
2. Usually normal users in those wikis are allowed access in specific directories. Only admins can access the maintenance/configuration directories and only after authentication.

3. Add index.php in the DirectoryIndex directive of your server.

4. If you think you need https, read your distro's documentation about adding ssl support in apache.

Regards
 
  


Reply

Tags
apache2, https, rights, ssl, webserver


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Centos 5.2 running Apache 2 and PHP 4 cannot display info.php codenjanod Linux - Server 2 08-19-2008 02:00 AM
apache2 error message display problem SUSE 10.1 hufemj Linux - Software 0 11-07-2006 07:19 AM
Apache2.0.52 + php4.39 +firefox downloading php rather than display mdkelly Linux - Software 3 10-30-2004 09:31 PM
How to display the size of a folder? dtournas Linux - General 1 10-12-2004 10:30 AM
Apache2: How to allow Apache to display contents in the file system? vous Linux - Software 1 02-03-2004 05:36 AM


All times are GMT -5. The time now is 07:20 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration