Configure Protected Directories in Apache puzzle

#44

@ramashish.sharma tried with that as well but didn’t help!

#45

share you httpd config file:

/etc/httpd/conf/httpd.conf

#46

Directory should be “/var/www/html/sysops” in the above

1 Like
#47

Please read this forum carefully, you have all your answers in here…!!!

#48

Will share conf file.

#49

image
image693×413 40.4 KB

snippet of conf file:

ServerName 172.16.238.11:8080

Deny access to the entirety of your server’s filesystem. You must

explicitly permit access to web content directories in other

blocks below.

AllowOverride none Require all denied

Note that from this point forward you must specifically allow

particular features to be enabled - so if something’s not working as

you might expect, make sure that you have specifically enabled it

below.

DocumentRoot: The directory out of which you will serve your

documents. By default, all requests are taken from this directory, but

symbolic links and aliases may be used to point to other locations.

<Directory “/var/www/html/data”>
AllowOverride AuthConfig

DocumentRoot “/var/www/html”

Relax access to content within /var/www.

<Directory “/var/www”>
AllowOverride None
# Allow open access:
Require all granted

Further relax access to the default document root:

<Directory “/var/www/html”>
#
# Possible values for the Options directive are “None”, “All”,
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that “MultiViews” must be named explicitly — “Options All”
# doesn’t give it to you.
#
# The Options directive is both complicated and important. Please see
# core - Apache HTTP Server Version 2.4
# for more information.
#
Options Indexes FollowSymLinks

#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
#   Options FileInfo AuthConfig Limit
#
AllowOverride All

#
# Controls who can get stuff from this server.
#
Require all granted

@ramashish.sharma

#50

image

thor@jump_host /$ curl -u jim:Rc5C9EyvbU http://stapp02:8080/data/

500 Internal Server Error

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at root@localhost to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.

#51

Config file looks good. Time to check your error log file.

tail -100 /etc/httpd/logs/error_log

#52

@ramashish.sharma pls look into the logs!

banner@stapp03’s password:
Last login: Tue Aug 25 18:52:06 2020 from jump_host.linuxprotecteddirhttpd_app_net
[banner@stapp03 ~]$ sudo tail -100 /etc/httpd/logs/error_log
[sudo] password for banner:
[Tue Jan 07 16:48:13.426245 2020] [suexec:notice] [pid 235] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
AH00558: httpd: Could not reliably determine the server’s fully qualified domain name, using 172.17.0.2. Set the ‘ServerName’ directive globally to suppress this message
[Tue Jan 07 16:48:13.448647 2020] [lbmethod_heartbeat:notice] [pid 235] AH02282: No slotmem from mod_heartmonitor
[Tue Jan 07 16:48:13.477225 2020] [mpm_prefork:notice] [pid 235] AH00163: Apache/2.4.6 (CentOS) PHP/5.4.16 configured – resuming normal operations
[Tue Jan 07 16:48:13.477269 2020] [core:notice] [pid 235] AH00094: Command line: ‘/usr/sbin/httpd -D FOREGROUND’
[Tue Jan 07 17:01:19.920118 2020] [mpm_prefork:notice] [pid 235] AH00170: caught SIGWINCH, shutting down gracefully
[Tue Jan 07 17:01:21.039421 2020] [suexec:notice] [pid 302] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
AH00558: httpd: Could not reliably determine the server’s fully qualified domain name, using 172.17.0.2. Set the ‘ServerName’ directive globally to suppress this message
[Tue Jan 07 17:01:21.057366 2020] [lbmethod_heartbeat:notice] [pid 302] AH02282: No slotmem from mod_heartmonitor
[Tue Jan 07 17:01:21.073887 2020] [mpm_prefork:notice] [pid 302] AH00163: Apache/2.4.6 (CentOS) PHP/5.4.16 configured – resuming normal operations
[Tue Jan 07 17:01:21.073925 2020] [core:notice] [pid 302] AH00094: Command line: ‘/usr/sbin/httpd -D FOREGROUND’
[Tue Jan 07 17:56:31.674688 2020] [suexec:notice] [pid 153] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
AH00558: httpd: Could not reliably determine the server’s fully qualified domain name, using 172.17.0.2. Set the ‘ServerName’ directive globally to suppress this message
[Tue Jan 07 17:56:31.693602 2020] [lbmethod_heartbeat:notice] [pid 153] AH02282: No slotmem from mod_heartmonitor
[Tue Jan 07 17:56:31.709042 2020] [mpm_prefork:notice] [pid 153] AH00163: Apache/2.4.6 (CentOS) PHP/5.4.16 configured – resuming normal operations
[Tue Jan 07 17:56:31.709086 2020] [core:notice] [pid 153] AH00094: Command line: ‘/usr/sbin/httpd -D FOREGROUND’
[Tue Jan 07 18:12:16.894145 2020] [mpm_prefork:notice] [pid 153] AH00170: caught SIGWINCH, shutting down gracefully
[Tue Jan 07 18:12:18.017767 2020] [suexec:notice] [pid 385] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
AH00558: httpd: Could not reliably determine the server’s fully qualified domain name, using 172.17.0.2. Set the ‘ServerName’ directive globally to suppress this message
[Tue Jan 07 18:12:18.035993 2020] [lbmethod_heartbeat:notice] [pid 385] AH02282: No slotmem from mod_heartmonitor
[Tue Jan 07 18:12:18.061043 2020] [mpm_prefork:notice] [pid 385] AH00163: Apache/2.4.6 (CentOS) PHP/7.2.26 configured – resuming normal operations
[Tue Jan 07 18:12:18.061080 2020] [core:notice] [pid 385] AH00094: Command line: ‘/usr/sbin/httpd -D FOREGROUND’
sh: /usr/sbin/sendmail: No such file or directory
[Wed Jan 08 06:13:19.588078 2020] [suexec:notice] [pid 168] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
AH00558: httpd: Could not reliably determine the server’s fully qualified domain name, using 172.17.0.3. Set the ‘ServerName’ directive globally to suppress this message
[Wed Jan 08 06:13:19.606738 2020] [lbmethod_heartbeat:notice] [pid 168] AH02282: No slotmem from mod_heartmonitor
[Wed Jan 08 06:13:19.651100 2020] [mpm_prefork:notice] [pid 168] AH00163: Apache/2.4.6 (CentOS) PHP/7.2.26 configured – resuming normal operations
[Wed Jan 08 06:13:19.651164 2020] [core:notice] [pid 168] AH00094: Command line: ‘/usr/sbin/httpd -D FOREGROUND’
[Wed Jan 08 06:14:32.865753 2020] [autoindex:error] [pid 170] [client 127.0.0.1:57770] AH01276: Cannot serve directory /var/www/html/: Nomatching DirectoryIndex (index.html,index.php) found, and server-generated directory index forbidden by Options directive
[Tue Aug 25 18:46:41.267389 2020] [suexec:notice] [pid 346] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Aug 25 18:46:41.350870 2020] [lbmethod_heartbeat:notice] [pid 346] AH02282: No slotmem from mod_heartmonitor
[Tue Aug 25 18:46:41.713619 2020] [mpm_prefork:notice] [pid 346] AH00163: Apache/2.4.6 (CentOS) PHP/7.2.26 configured – resuming normal operations
[Tue Aug 25 18:46:41.713673 2020] [core:notice] [pid 346] AH00094: Command line: ‘/usr/sbin/httpd -D FOREGROUND’
[Tue Aug 25 18:50:52.565836 2020] [core:alert] [pid 348] [client 172.16.238.3:35890] /var/www/html/data/.htaccess: AuthName takes one argument, the authentication realm (e.g. “Members Only”)
[Tue Aug 25 19:00:09.775875 2020] [mpm_prefork:notice] [pid 346] AH00170: caught SIGWINCH, shutting down gracefully
[Tue Aug 25 19:00:10.884381 2020] [suexec:notice] [pid 434] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Aug 25 19:00:10.910893 2020] [lbmethod_heartbeat:notice] [pid 434] AH02282: No slotmem from mod_heartmonitor
[Tue Aug 25 19:00:10.929577 2020] [mpm_prefork:notice] [pid 434] AH00163: Apache/2.4.6 (CentOS) PHP/7.2.26 configured – resuming normal operations
[Tue Aug 25 19:00:10.929621 2020] [core:notice] [pid 434] AH00094: Command line: ‘/usr/sbin/httpd -D FOREGROUND’
[Tue Aug 25 19:03:12.611238 2020] [mpm_prefork:notice] [pid 434] AH00170: caught SIGWINCH, shutting down gracefully
[Tue Aug 25 19:03:13.814600 2020] [suexec:notice] [pid 604] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Aug 25 19:03:13.850205 2020] [lbmethod_heartbeat:notice] [pid 604] AH02282: No slotmem from mod_heartmonitor
[Tue Aug 25 19:03:13.954144 2020] [mpm_prefork:notice] [pid 604] AH00163: Apache/2.4.6 (CentOS) PHP/7.2.26 configured – resuming normal operations
[Tue Aug 25 19:03:13.954188 2020] [core:notice] [pid 604] AH00094: Command line: ‘/usr/sbin/httpd -D FOREGROUND’
[Tue Aug 25 19:09:36.772199 2020] [mpm_prefork:notice] [pid 604] AH00170: caught SIGWINCH, shutting down gracefully
[Tue Aug 25 19:09:38.006222 2020] [suexec:notice] [pid 626] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Aug 25 19:09:38.034339 2020] [lbmethod_heartbeat:notice] [pid 626] AH02282: No slotmem from mod_heartmonitor
[Tue Aug 25 19:09:38.089105 2020] [mpm_prefork:notice] [pid 626] AH00163: Apache/2.4.6 (CentOS) PHP/7.2.26 configured – resuming normal operations
[Tue Aug 25 19:09:38.089151 2020] [core:notice] [pid 626] AH00094: Command line: ‘/usr/sbin/httpd -D FOREGROUND’
[Tue Aug 25 19:10:42.006017 2020] [core:alert] [pid 628] [client 172.16.238.3:36152] /var/www/html/data/.htaccess: AuthName takes one argument, the authentication realm (e.g. “Members Only”)

#53

Hi @ramashish.sharma @girish.shet187,

This is what I had/have:

<Directory “/var/www/html/data”>

  AllowOverride AuthConfig

</Directory>

…in other words:

 <Directory “/var/www/html/<new-directory>”>

      AllowOverride AuthConfig

 </Directory>
#54

Check this error, your httpd conf file is missing this…

#55

Your .htaccess file having issue, remove AuthName line completely and re type it. Don’t copy paste in .htaccess file …as it holds few hidden junk characters…

#56

Thank you Juliettet, I was trying to help Girish :slightly_smiling_face:

#57

@ramashish.sharma can you please tell me what exactly I missed here.

#58

Hi @girish.shet187,

I came across the same issue. See if running these commands resolves your issue:

# get logs
sudo cat /var/log/httpd/access_log 

cd /etc/httpd
ls -la
sudo chmod 744 .htpasswd

If that doesn’t work, also (in addition to the above commands, also run from /etc/httpd:

sudo chown apache:apache .htpasswd

I hope that this helps:-)

#59

Seems it had issue with file permissions.
Thank you so much @juliettet @ramashish.sharma :slight_smile: , finally task completed!

1 Like
#60

Awesome!! I’m glad that you have figured it out. :grinning:

#61

My solution: Configure protected directories in Apache

#63

Hi @Inderpreet, I have done below steps and have managed to curl the http server, but the task still showed failure. Could you please let me know which steps I have missed. Thanks

httpd
httpd1074×103 11.2 KB

Steps

  1. Create a subfolder which is going to be protect
    e.g. mkdir -p /var/www/html/devops

  2. Create/add .htaccess file to the folder created above
    vim /var/www/html/devops/.htaccess
    AuthType Basic
    AuthName “Restricted Content”
    AuthUserFile /etc/httpd/.htpasswd
    Require valid-user

  3. Create a user/password in htpasswd
    htpasswd -c /etc/httpd/.htpasswd rose

  4. Modify the configuration file by adding below section…
    vim /etc/httpd/conf/httpd.conf
    <Directory “/var/www/html/”>
    AllowOverride AuthConfig
    Require all granted

  5. Start/restart httpd
    systemctl start httpd
    or
    systemctl restart httpd

    Note: you can run below command to check the syntax of the configure file
    httpd -t

  6. Go to jumper server and run below command to access the protected folder index
    Note: make sure you have scp the file from the jumper server to /var/www/html/devops

curl -u : http://<server ip/name>:8080/

#64

@Chance

I think in the task description they mentioned App server 2.