Configure protected directories Apache

Hello @Inderpreet/Team,

I did everything asked in the question but still this task failed (htpasswd authentication is not setup correctly on App Server 3) and before submitting it checked from the jumphost and the output is attached in the below screenshot.

I was able to see the index.html content after passing the username and password and just curl http://172.16.238.12:8080 got unauthorized access. I did this on stapp03 as asked in question. Can you please check this and let me what went wrong?

Thanks,
Mohamed

Hello @Inderpreet,

Can you please check this and update me.

Thanks,
Mohamed Sheeraz

  1. create directory
  2. Adding user:
    htpasswd -c /etc/httpd/.htpasswd
  3. Create basic .htaccess file
    cat /var/www/html/itadmin/.htaccess <----------- itadmin is the new directory created
    AuthType Basic
    AuthName “Restricted Content”
    AuthUserFile /etc/httpd/.htpasswd
    Require valid-user
  4. Update the httpd configuration file with this entry
    cat /etc/httpd/conf/httpd.conf
    <Directory “/var/www/html/itadmin”> <--------- itadmin is the new directory name
    AllowOverride AuthConfig
  5. Scp /tmp/index.html file from jumpbox to app server (/var/www/html/itadmin/index.html).
  6. Restart httpd service
  7. Test connectivity
    curl -u yousuf:GyQkFRVNr3 http://stapp01:8080/itadmin/

what steps did you do?
@mohamedsheeraz1

1 Like

pls check below my entire commands for the task. pls tell me where iam going wrong.

then it is asking for password, does copy and paste works here or do i need to manually type the password

ssh [email protected]
The authenticity of host ‘stapp03 (172.16.238.12)’ can’t be established.
ECDSA key fingerprint is SHA256:SySamszyWhhLGFiybhGBqfrr8g55wS/3e37ZpBOvICs.
ECDSA key fingerprint is MD5:6d:31:18:2a:f9:07:f3:29:dd:0a:d3:1f:6e:04:0a:db.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘stapp03,172.16.238.12’ (ECDSA) to the list of known hosts.
[email protected]’s password:
[[email protected] ~]$ sudo su

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

[sudo] password for banner:
Sorry, try again.
[sudo] password for banner:
[[email protected] banner]# yum install httpd -y
Loaded plugins: fastestmirror, ovl
Determining fastest mirrors
epel/x86_64/metalink | 31 kB 00:00:00

  • base: linux.darkpenguin.net
  • epel: mirrors.n-ix.net
  • extras: mirror.alpix.eu
  • remi-php72: mirror.23media.com
  • remi-safe: mirror.23media.com
  • updates: linux.darkpenguin.net
    base | 3.6 kB 00:00:00
    epel | 4.7 kB 00:00:00
    extras | 2.9 kB 00:00:00
    remi-php72 | 3.0 kB 00:00:00
    remi-safe | 3.0 kB 00:00:00
    updates | 2.9 kB 00:00:00
    (1/9): base/7/x86_64/group_gz | 153 kB 00:00:00
    (2/9): extras/7/x86_64/primary_db | 205 kB 00:00:00
    (3/9): epel/x86_64/group_gz | 95 kB 00:00:00
    (4/9): epel/x86_64/updateinfo | 1.0 MB 00:00:00
    (5/9): epel/x86_64/primary_db | 6.9 MB 00:00:00
    (6/9): updates/7/x86_64/primary_db | 3.7 MB 00:00:00
    (7/9): base/7/x86_64/primary_db | 6.1 MB 00:00:00
    (8/9): remi-php72/primary_db | 241 kB 00:00:00
    (9/9): remi-safe/primary_db | 1.8 MB 00:00:01
    Resolving Dependencies
    –> Running transaction check
    —> Package httpd.x86_64 0:2.4.6-90.el7.centos will be updated
    —> Package httpd.x86_64 0:2.4.6-93.el7.centos will be an update
    –> Processing Dependency: httpd-tools = 2.4.6-93.el7.centos for package: httpd-2.4.6-93.el7.centos.x86_64
    –> Running transaction check
    —> Package httpd-tools.x86_64 0:2.4.6-90.el7.centos will be updated
    —> Package httpd-tools.x86_64 0:2.4.6-93.el7.centos will be an update
    –> Finished Dependency Resolution

Dependencies Resolved

==========================================================================================================================================

Package Arch Version Repository Size

Updating:
httpd x86_64 2.4.6-93.el7.centos base 2.7 M
Updating for dependencies:
httpd-tools x86_64 2.4.6-93.el7.centos base 92 k

Transaction Summary

Upgrade 1 Package (+1 Dependent package)

Total download size: 2.8 M

Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/2): httpd-tools-2.4.6-93.el7.centos.x86_64.rpm | 92 kB 00:00:00
(2/2): httpd-2.4.6-93.el7.centos.x86_64.rpm | 2.7 MB 00:00:00

Total 16 MB/s | 2.8 MB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : httpd-tools-2.4.6-93.el7.centos.x86_64 1/4
Updating : httpd-2.4.6-93.el7.centos.x86_64 2/4
Cleanup : httpd-2.4.6-90.el7.centos.x86_64 3/4
Cleanup : httpd-tools-2.4.6-90.el7.centos.x86_64 4/4
Verifying : httpd-tools-2.4.6-93.el7.centos.x86_64 1/4
Verifying : httpd-2.4.6-93.el7.centos.x86_64 2/4
Verifying : httpd-tools-2.4.6-90.el7.centos.x86_64 3/4
Verifying : httpd-2.4.6-90.el7.centos.x86_64 4/4

Updated:
httpd.x86_64 0:2.4.6-93.el7.centos

Dependency Updated:
httpd-tools.x86_64 0:2.4.6-93.el7.centos

Complete!
[[email protected] banner]# ls -al
total 20
drwx------ 2 banner banner 4096 Jan 25 2020 .
drwxr-xr-x 3 root root 4096 Jan 25 2020 …
-rw-r–r-- 3 banner banner 18 Oct 30 2018 .bash_logout
-rw-r–r-- 3 banner banner 193 Oct 30 2018 .bash_profile
-rw-r–r-- 3 banner banner 231 Oct 30 2018 .bashrc
[[email protected] banner]# cd …
[[email protected] home]# ls -al
total 12
drwxr-xr-x 3 root root 4096 Jan 25 2020 .
drwxr-xr-x 1 root root 4096 Aug 5 23:22 …
drwx------ 2 banner banner 4096 Jan 25 2020 banner
[[email protected] home]# ls
banner
[[email protected] home]# ls -al
total 12
drwxr-xr-x 3 root root 4096 Jan 25 2020 .
drwxr-xr-x 1 root root 4096 Aug 5 23:22 …
drwx------ 2 banner banner 4096 Jan 25 2020 banner
[[email protected] home]# cd var
bash: cd: var: No such file or directory
[[email protected] home]# cd /var
[[email protected] var]# cd www
[[email protected] www]# cd html
[[email protected] html]# pwd
/var/www/html
[[email protected] html]# mkdir sysops
[[email protected] html]# pwd
/var/www/html
[[email protected] html]# htpasswd -c /etc/httpd/.htpasswd mark
New password:
Re-type new password:
Adding password for user mark
[[email protected] html]# cd /var/www/html/sysops
[[email protected] sysops]# vi .htaccess
[[email protected] sysops]# vi /etc/httpd/conf/httpd.conf
[[email protected] sysops]# exit
exit
[[email protected] ~] exit logout Connection to stapp03 closed. [email protected]_host / sudo scp -r /tmp/index.html [email protected]:/tmp

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

[sudo] password for thor:
The authenticity of host ‘172.16.238.11 (172.16.238.11)’ can’t be established.
ECDSA key fingerprint is SHA256:SySamszyWhhLGFiybhGBqfrr8g55wS/3e37ZpBOvICs.
ECDSA key fingerprint is MD5:6d:31:18:2a:f9:07:f3:29:dd:0a:d3:1f:6e:04:0a:db.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘172.16.238.11’ (ECDSA) to the list of known hosts.
[email protected]’s password:
Permission denied, please try again.
[email protected]’s password:
Permission denied, please try again.
[email protected]’s password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
lost connection
[email protected]_host / sudo scp -r /tmp/index.html [email protected]:/tmp The authenticity of host ‘172.16.238.12 (172.16.238.12)’ can’t be established. ECDSA key fingerprint is SHA256:SySamszyWhhLGFiybhGBqfrr8g55wS/3e37ZpBOvICs. ECDSA key fingerprint is MD5:6d:31:18:2a:f9:07:f3:29:dd:0a:d3:1f:6e:04:0a:db. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added ‘172.16.238.12’ (ECDSA) to the list of known hosts. [email protected]’s password: index.html 100% 51 56.1KB/s 00:00 [email protected]_host / ssh [email protected]
[email protected]’s password:
Last login: Wed Aug 5 23:25:45 2020 from jump_host.linuxprotecteddirhttpd_app_net
[[email protected] ~] sudo mv /temp/index.html /var/www/html/itadmin/index.html [sudo] password for banner: mv: cannot stat ‘/temp/index.html’: No such file or directory [[email protected] ~] sudo mv /tmp/index.html /var/www/html/itadmin/index.html
mv: cannot move ‘/tmp/index.html’ to ‘/var/www/html/itadmin/index.html’: No such file or directory
[[email protected] ~] sudo mv /tmp/index.html /var/www/html/sysops [[email protected] ~] ls -al
total 24
drwx------ 1 banner banner 4096 Aug 5 23:40 .
drwxr-xr-x 1 root root 4096 Jan 25 2020 …
-rw------- 1 banner banner 14 Aug 5 23:40 .bash_history
-rw-r–r-- 3 banner banner 18 Oct 30 2018 .bash_logout
-rw-r–r-- 3 banner banner 193 Oct 30 2018 .bash_profile
-rw-r–r-- 3 banner banner 231 Oct 30 2018 .bashrc
[[email protected] ~] cd … [[email protected] home] ls -al
total 12
drwxr-xr-x 1 root root 4096 Jan 25 2020 .
drwxr-xr-x 1 root root 4096 Aug 5 23:22 …
drwx------ 1 banner banner 4096 Aug 5 23:40 banner
[[email protected] home] cd … [[email protected] /] cd …
[[email protected] /] cd /var [[email protected] var] cd www
[[email protected] www] cd html [[email protected] html] ls -al
total 12
drwxr-xr-x 3 root root 4096 Aug 5 23:29 .
drwxr-xr-x 1 root root 4096 Apr 2 13:14 …
drwxr-xr-x 2 root root 4096 Aug 5 23:44 sysops
[[email protected] html] cd sysops [[email protected] sysops] ls -al
total 16
drwxr-xr-x 2 root root 4096 Aug 5 23:44 .
drwxr-xr-x 3 root root 4096 Aug 5 23:29 …
-rw-r–r-- 1 root root 102 Aug 5 23:35 .htaccess
-rw-r–r-- 1 banner banner 51 Aug 5 23:42 index.html
[[email protected] sysops] cat /var/www/html/sysops/index.html This is xFusionCorp Industries Protected Directory![[email protected] sysops] systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:httpd(8)
man:apachectl(8)
[[email protected] sysops] systemctl enable httpd Failed to execute operation: The name org.freedesktop.PolicyKit1 was not provided by any .service files [[email protected] sysops] systemctl restart httpd
Failed to restart httpd.service: The name org.freedesktop.PolicyKit1 was not provided by any .service files
See system logs and ‘systemctl status httpd.service’ for details.
[[email protected] sysops] systemctl status httpd ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled) Active: inactive (dead) Docs: man:httpd(8) man:apachectl(8) [[email protected] sysops] sudo systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[[email protected] sysops] sudo systemctl restart httpd [[email protected] sysops] sudo systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2020-08-05 23:48:58 UTC; 11s ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID: 566 (httpd)
Status: “Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec”
CGroup: /docker/7980af042423d43c66c6e4c8c8dc5c48b0f0b624299d4c92beba5106bc2125d4/system.slice/httpd.service
├─566 /usr/sbin/httpd -DFOREGROUND
├─567 /usr/sbin/httpd -DFOREGROUND
├─568 /usr/sbin/httpd -DFOREGROUND
├─569 /usr/sbin/httpd -DFOREGROUND
├─570 /usr/sbin/httpd -DFOREGROUND
└─571 /usr/sbin/httpd -DFOREGROUND

Aug 05 23:48:58 stapp03 systemd[1]: Starting The Apache HTTP Server…
Aug 05 23:48:58 stapp03 httpd[566]: AH00558: httpd: Could not reliably determine the server’s fully qualified domain name, usin… message
Aug 05 23:48:58 stapp03 systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.
[[email protected] sysops]$ curl -u mark:8FmzjvFU6S http://stapp03:8080/sysops

500 Internal Server Error

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at [email protected] to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.

[[email protected] sysops]$ curl -u mark:8FmzjvFU6S http://stapp03:8080/sysops