LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   Restricting access to Apache directories (https://www.linuxquestions.org/questions/linux-server-73/restricting-access-to-apache-directories-4175429465/)

mcc28 09-28-2012 11:37 AM

Restricting access to Apache directories
 
Hi,

I have LAMP running on Ubuntu 12.04. Besides this I also have installed in subdirectories under /var/www/ webmin, ossec, gallery, etc.

I have a no-ip domain so my default webpage is served from mydomain.hopto.org.

I want to be able to prevent access to mydomain.hopto.org/webmin or mydomain.hopto.org/gallery except from my LAN 192.168.0.x but have access to mydomain.hopto.org/gallery from anywhere.

What is the easiest (simple) and least time consuming way to do this please?

thanks

roreilly 09-28-2012 05:24 PM

You are going to need to add some security.

You have several options. You can use htpasswd ,and put a username/password prompt in front of those directories,
or you can do directory security.

Directory security would look something like this:

<Directory /var/www/webmin/>
Order, Deny, Allow
Deny from All
Allow from 192.168.0.
</Directory>


If you want to use username/password protection so that you can still access these directories from the outside,
then I would add htpasswd:

<Directory /var/www/webmin/>
AllowOverride AuthConfig
AuthType Digest
AuthName "something_goes_here"
AuthDigestProvider file
AuthUserFile /etc/apache2/htaccess/digest_file_name
Require valid-user
Order, Deny, Allow
Deny from All
Allow from 192.168.0.
Satisfy Any
</Directory>

I use the 2nd option for myself. It allows passowrd-less access from my local lan,
but when I connect from outside, it requires a username/password.


All times are GMT -5. The time now is 11:31 PM.