Bug Deny/Allow wird nicht beachtet

Dieses Thema im Forum "Allgemein" wurde erstellt von JFF, 17. Okt. 2013.

  1. JFF

    JFF New Member

    Hi,

    ich habe phpmyadmin installiert und in der /etc/apache2/conf.d/phpmyadmin.conf den Zugriff mit

    Code:
    Alias /phpmyadmin /usr/share/phpmyadmin
    
    <Directory /usr/share/phpmyadmin>
            Options FollowSymLinks
            DirectoryIndex index.php
    
            Order Deny,Allow
            Deny from all
            # allow from 127.0.0.0/255.0.0.0 ::1/128
            Allow from 127.0.0.0/255.0.0.0 XX.XX.XX.0/24 ::1/128
    [...]
    
    auf localhost und ein VPN gelegt.

    Der Zugriff über Server-IP geht jedoch immer noch.

    In other_vhosts_access.log wird geloggt (XX.XX.XX.XX = ServerIP):

    Code:
    domain.tld:80 XX.XX.XX.XX - - [17/Oct/2013:12:51:38 +0200] "GET /phpmyadmin/themes/pmahomme/img/marked_bg.png HTTP/1.1" 304 187 "http://XX.XX.XX.XX/phpmyadmin/phpmyadmin.css.php?server=1&token=49c031f3b62e25648c40791024a494b2&js_frame=right&nocache=5476310917" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0"
    
    In ISPConfig ist die domain.tld die erste in der Liste. Eigentlich sollte das doch in der access.log stehen?

    In der entsprechenden vhost-Konfiguration steht:


    siehe nächster Post:
     
  2. JFF

    JFF New Member

    In der entsprechenden vhost-Konfiguration steht:

    Code:
    <Directory /var/www/domain.tld>
                    AllowOverride None
                    Order Deny,Allow
                    Deny from all
    </Directory>
    
    <VirtualHost XX.XX.XX.XX:80>
                                            DocumentRoot /var/www/domain.tld/web
    
                    ServerName domain.tld
                    ServerAlias www.domain.tld
                    ServerAdmin webmaster@domain.tld
    
                    ErrorLog /var/log/ispconfig/httpd/domain.tld/error.log
    
                    Alias /error/ "/var/www/domain.tld/web/error/"
                    ErrorDocument 400 /error/400.html
                    ErrorDocument 401 /error/401.html
                    ErrorDocument 403 /error/403.html
                    ErrorDocument 404 /error/404.html
                    ErrorDocument 405 /error/405.html
                    ErrorDocument 500 /error/500.html
                    ErrorDocument 502 /error/502.html
                    ErrorDocument 503 /error/503.html
    
                    <IfModule mod_ssl.c>
                    </IfModule>
    
                    <Directory /var/www/domain.tld/web>
                                    Options FollowSymLinks
                                    AllowOverride All
                                    Order allow,deny
                                    Allow from all
    
                                    # ssi enabled
                                    AddType text/html .shtml
                                    AddOutputFilter INCLUDES .shtml
                                    Options +Includes
                    </Directory>
                    <Directory /var/www/clients/client1/web2/web>
                                    Options FollowSymLinks
                                    AllowOverride All
                                    Order allow,deny
                                    Allow from all
    
                                    # ssi enabled
                                    AddType text/html .shtml
                                    AddOutputFilter INCLUDES .shtml
                                    Options +Includes
                    </Directory>
    
                    <IfModule mod_ruby.c>
                            <Directory /var/www/domain.tld/web>
                                    Options +ExecCGI
                            </Directory>
                            RubyRequire apache/ruby-run
                            #RubySafeLevel 0
                            AddType text/html .rb
                            AddType text/html .rbx
                            <Files *.rb>
                                    SetHandler ruby-object
                                    RubyHandler Apache::RubyRun.instance
                            </Files>
                            <Files *.rbx>
                                    SetHandler ruby-object
                                    RubyHandler Apache::RubyRun.instance
                            </Files>
                    </IfModule>
    
                    <IfModule mod_perl.c>
                            PerlModule ModPerl::Registry
                            PerlModule Apache2::Reload
                            <Directory /var/www/domain.tld/web>
                                    PerlResponseHandler ModPerl::Registry
                                    PerlOptions +ParseHeaders
                                    Options +ExecCGI
                            </Directory>
                <Files *.pl>
                                    SetHandler perl-script
                </Files>
                    </IfModule>
    
                    <IfModule mod_python.c>
                            <Directory /var/www/domain.tld/web>
                                    AddHandler mod_python .py
                                    PythonHandler mod_python.publisher
                                    PythonDebug On
                            </Directory>
                    </IfModule>
    
                    # cgi enabled
            <Directory /var/www/clients/client1/web2/cgi-bin>
                            Order allow,deny
                            Allow from all
                    </Directory>
                    ScriptAlias  /cgi-bin/ /var/www/clients/client1/web2/cgi-bin/
                    AddHandler cgi-script .cgi
                    AddHandler cgi-script .pl
                    # suexec enabled
                    <IfModule mod_suexec.c>
                            SuexecUserGroup web2 client1
                    </IfModule>
                    # Clear PHP settings of this website
                    <FilesMatch "\.ph(p3?|tml)$">
                                    SetHandler None
                    </FilesMatch>
                    # php as fast-cgi enabled
            # For config options see: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
                    <IfModule mod_fcgid.c>
                                    IdleTimeout 300
                                    ProcessLifeTime 3600
                                    # MaxProcessCount 1000
                                    DefaultMinClassProcessCount 0
                                    DefaultMaxClassProcessCount 100
                                    IPCConnectTimeout 3
                                    IPCCommTimeout 360
                                    BusyTimeout 300
                    </IfModule>
                    <Directory /var/www/domain.tld/web>
                                    AddHandler fcgid-script .php .php3 .php4 .php5
                                    FCGIWrapper /var/www/php-fcgi-scripts/web2/.php-fcgi-starter .php
                                    Options +ExecCGI
                                    AllowOverride All
                                    Order allow,deny
                                    Allow from all
                    </Directory>
                    <Directory /var/www/clients/client1/web2/web>
                                    AddHandler fcgid-script .php .php3 .php4 .php5
                                    FCGIWrapper /var/www/php-fcgi-scripts/web2/.php-fcgi-starter .php
                                    Options +ExecCGI
                                    AllowOverride All
                                    Order allow,deny
                                    Allow from all
                    </Directory>
    
    
                    # add support for apache mpm_itk
                    <IfModule mpm_itk_module>
                            AssignUserId web2 client1
                    </IfModule>
    
                    <IfModule mod_dav_fs.c>
                    # Do not execute PHP files in webdav directory
                            <Directory /var/www/clients/client1/web2/webdav>
                                    <ifModule mod_security2.c>
                                            SecRuleRemoveById 960015
                                            SecRuleRemoveById 960032
                                    </ifModule>
                                    <FilesMatch "\.ph(p3?|tml)$">
                                            SetHandler None
                                    </FilesMatch>
                            </Directory>
                            DavLockDB /var/www/clients/client1/web2/tmp/DavLock
                            # DO NOT REMOVE THE COMMENTS!
                            # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
          # WEBDAV BEGIN
                            # WEBDAV END
                    </IfModule>
    
    
    </VirtualHost>
    
    [...]
    
    
    Any hints?

    Jörg
     
    Zuletzt bearbeitet: 17. Okt. 2013

Diese Seite empfehlen