HowTo: restrict file access via the web
e-smith release: 4.1.x/SME5
Problem: You want to restrict access to critical files via the web server. Typically this is to protect PHP application configuration files that hold sensitive login and password information.

Solution: Implement the following httpd.conf template fragments via the steps below.

See the Mitel security advisory below for one example: Security Advisory -- PHP-Nuke Remote Compromises
STEP 1: You will need to create a custom template for Apache. Execute the following commands from the server command line:

    # mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
    # pico /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/88RestrictFileAccess

In the editor, enter:

    <Directory /path-to-files>
        <Files file1 file2 ...>
            order deny,allow
            deny from all
            allow from address1 address2 ...
        </Files>
    </Directory>

Replace /path-to-files with the full directory path to the files you wish to protect on your server. For example, if it is in the primary i-bay, use /home/e-smith/files/primary/html. Add multiple <Directory>...</Directory> blocks if required.

Replace address1 address2 ... with a space-separated list of individual IP addresses, or netblocks in CIDR notation. For example, 127.0.0.1 would allow access from localhost, and 127.0.0.1 192.168.1.0/24 would allow access from both localhost and any system with an address from 192.168.1.1 to 192.168.1.254.

Here is the completed example, based on the above settings and restricting access to a file named admin.php3:

    <Directory /home/e-smith/files/primary/html>

http://yourprimarydomain.com/admin.php3
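Added example, not part of the original HowTo: a shell function that writes out the fragment for a directory, a list of files and a list of allowed addresses, and refuses input that would produce a different rule from the one intended (a relative directory, a file name containing a path, an address that is not an IPv4 address or CIDR netblock). The name make_restrict_fragment is an assumption of this example, and it emits one <Files> block per file, since Apache documents <Files> as taking a single file name.

```sh
#!/bin/sh
# Added example, not from the original HowTo. make_restrict_fragment is a
# hypothetical helper name.
# Usage: make_restrict_fragment DIR "FILE ..." "ADDRESS ..."
make_restrict_fragment() (
    # The body runs in a subshell: variables stay local, "exit" only leaves
    # the function, and "set -f" stops the shell expanding wildcards.
    set -f
    dir=$1 files=$2 addrs=$3
    # <Directory> needs an absolute path; refuse whitespace and '>' in it.
    case $dir in
        ''|[!/]*|*[[:space:]]*|*'>'*)
            echo "bad directory: $dir" >&2; exit 1 ;;
    esac
    [ -n "$files" ] && [ -n "$addrs" ] || { echo "need files and addresses" >&2; exit 1; }
    # Shape check only: dotted-quad IPv4, optionally with a /0-/32 prefix.
    for a in $addrs; do
        printf '%s\n' "$a" |
            grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' ||
            { echo "not an IPv4 address or CIDR netblock: $a" >&2; exit 1; }
    done
    # <Files> matches the file name alone, so a name with a path never matches.
    for f in $files; do
        case $f in
            */*|*'<'*|*'>'*) echo "file name only, no path: $f" >&2; exit 1 ;;
        esac
    done
    echo "<Directory $dir>"
    for f in $files; do
        # One block per file: Apache documents <Files> as taking one file name.
        echo "    <Files $f>"
        echo "        order deny,allow"
        echo "        deny from all"
        echo "        allow from $addrs"
        echo "    </Files>"
    done
    echo "</Directory>"
)

# Sample values taken from the text above.
make_restrict_fragment /home/e-smith/files/primary/html \
    "admin.php3" "127.0.0.1 192.168.1.0/24"
```

Redirect the output into the 88RestrictFileAccess file created in STEP 1.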