Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Server
User Name
Linux - Server This forum is for the discussion of Linux Software used in a server related context.


  Search this Thread
Old 10-19-2010, 10:17 PM   #1
Registered: Sep 2010
Location: Germany
Distribution: Debian
Posts: 53

Rep: Reputation: 3
Question Advanced apache2 configuration - Folder display, allowed .php display

Hello Serverinos!

After configuring and running a web-server with apache2, PHP installation and MySQL setup + a MediaWiki installation etc. blah I now run into some problems/security questions.

1.) Block access/display to/of critical files

If I run a text-editor to edit a settings file .php, the editor (I use jed) always creates a backup named filename.php~
this backup is READABLE! by everybody who types that URL in their browser. that is f.e. the file localhost/mediawiki/LocalSettings.php~

Well I don't have to tell you, what plain stuff there could be read!

How can I get rid of this? Don't tell me the texteditor settings have to change. I mean access rights to those .php~ .html~ etc. files.

2.) Limit access in general

How can I set only very few valid entrypoints, and every other access is forbidden? I don't want ppl to go on f.e. localhost/mediawiki/maintenance/purge.php ... even if it does nothing, I don't want it! How to set?

3.) Display correct URL in browser?

The entry point is localhost/mediawiki/index.php. index.php is always shown, how can I turn this off? It looks noobish... No greater wiki site I know has this displayed. Even further URLs display the index.php, f.e. localhost/mediawiki/index.php/Coding

4.) How to setup SSL (https://) capability? If of any use?

Thx in advance!

Old 10-20-2010, 12:47 AM   #2
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,843

Rep: Reputation: 1596Reputation: 1596Reputation: 1596Reputation: 1596Reputation: 1596Reputation: 1596Reputation: 1596Reputation: 1596Reputation: 1596Reputation: 1596Reputation: 1596

1. You can use:
<FilesMatch "\.php~>
Deny from all
2. Usually normal users in those wikis are allowed access in specific directories. Only admins can access the maintenance/configuration directories and only after authentication.

3. Add index.php in the DirectoryIndex directive of your server.

4. If you think you need https, read your distro's documentation about adding ssl support in apache.



apache2, https, rights, ssl, webserver

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Centos 5.2 running Apache 2 and PHP 4 cannot display info.php codenjanod Linux - Server 2 08-19-2008 02:00 AM
apache2 error message display problem SUSE 10.1 hufemj Linux - Software 0 11-07-2006 07:19 AM
Apache2.0.52 + php4.39 +firefox downloading php rather than display mdkelly Linux - Software 3 10-30-2004 09:31 PM
How to display the size of a folder? dtournas Linux - General 1 10-12-2004 10:30 AM
Apache2: How to allow Apache to display contents in the file system? vous Linux - Software 1 02-03-2004 05:36 AM > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 11:28 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration