{"id":1791,"date":"2013-12-24T17:26:23","date_gmt":"2013-12-25T01:26:23","guid":{"rendered":"http:\/\/www.wellgolly.com\/?p=1791"},"modified":"2014-01-15T11:50:27","modified_gmt":"2014-01-15T19:50:27","slug":"notes-on-setting-up-a-server","status":"publish","type":"post","link":"https:\/\/www.wellgolly.com\/?p=1791","title":{"rendered":"Notes on setting up a server."},"content":{"rendered":"<p>I\u2019m setting up a new Ubuntu server and while most of the defaults are fine, there are some things that I need to adjust. I have a very shallow understanding of this stuff, so there could be better and more secure ways to do this, but this works for me.<\/p>\n<h3>Disallow access to PHP include files<\/h3>\n<p>There isn\u2019t any reason that people need to see the include files that I use in my websites. You could name them .inc.php so that the raw code isn\u2019t available, but that\u2019s not very elegant, and outsiders can still access the file. There isn\u2019t anything particularly sensitive in them, but by themselves, they don\u2019t display correctly. So I added a few lines to my \/etc\/apache2\/apache2.conf file, just below the section that disallows viewing .htaccess files.<br \/>\n<pre><code class=\"preserve-code-formatting\">\n#\n# The following lines prevent .htaccess and .htpasswd files from being \n# viewed by Web clients. \n#\n&lt;Files ~ &quot;^\\.ht&quot;&gt;\n&nbsp;&nbsp;&nbsp;&nbsp;Order allow,deny\n&nbsp;&nbsp;&nbsp;&nbsp;Deny from all\n&nbsp;&nbsp;&nbsp;&nbsp;Satisfy all\n&lt;\/Files&gt;\n\n# The following lines prevent .inc files from being\n# viewed by Web clients.\n#\n&lt;Files ~ &quot;\\.inc$&quot;&gt;\n&nbsp;&nbsp;&nbsp;&nbsp;Order allow,deny\n&nbsp;&nbsp;&nbsp;&nbsp;Deny from all\n&lt;\/Files&gt;\n#\n<\/code><\/pre><\/p>\n<h3>Prevent directory browsing<\/h3>\n<p>If you have a bunch of images in a directory, then anyone who wants can view all of them just by looking at the web page source and putting the directory name after your URL. 
I\u2019d rather they not do that, so I restrict listing of the files by adding this line to my \/etc\/apache2\/httpd.conf file. On my default Ubuntu install this file is empty. The line leaves out Indexes, the option that turns on directory listings.<br \/>\n<pre><code class=\"preserve-code-formatting\">\nOptions Includes FollowSymLinks MultiViews\n<\/code><\/pre><\/p>\n<p>Restart Apache for the changes to take effect.<\/p>\n<h3>Alternate method to prevent directory browsing<\/h3>\n<p>If you want to prevent directory browsing in just one directory and either don\u2019t want to change the whole site or don\u2019t have access to the files named above, add this line to your .htaccess file.<br \/>\n<pre><code class=\"preserve-code-formatting\">\nOptions -Indexes\n<\/code><\/pre><\/p>\n<p>You probably don\u2019t have to restart Apache for the changes to take effect.<\/p>\n<h3>Prevent Directory Browsing on a Per Site Basis<\/h3>\n<p>Changing the httpd.conf file will change the behavior of all sites on your server. If you want to change the behavior of just one site, edit its file in \/etc\/apache2\/sites-available. Find the line that has Options FollowSymLinks in it and, if it also has Indexes in it, delete the word Indexes. 
This is what the default Ubuntu install has.<br \/>\n<pre><code class=\"preserve-code-formatting\">\n&nbsp;&nbsp;&lt;Directory \/var\/www\/&gt;\n&nbsp;&nbsp;&nbsp;&nbsp;Options Indexes FollowSymLinks MultiViews\n&nbsp;&nbsp;&nbsp;&nbsp;AllowOverride None\n&nbsp;&nbsp;&nbsp;&nbsp;Order allow,deny\n&nbsp;&nbsp;&nbsp;&nbsp;allow from all\n&nbsp;&nbsp;&lt;\/Directory&gt;\n<\/code><\/pre><br \/>\nYou probably do have to restart Apache for the changes to take effect.<\/p>\n<h3>Prevent access to your include directory<\/h3>\n<p>Add this to your site\u2019s file in \/etc\/apache2\/sites-available.<br \/>\n<pre><code class=\"preserve-code-formatting\">\n# Block web access to the include directory.\n&lt;Directory \/www\/MySite\/include.php&gt;\n&nbsp;&nbsp;&nbsp;&nbsp;Deny from all\n&lt;\/Directory&gt;\n<\/code><\/pre><\/p>\n<h3>Show an error document instead of the default 404 error<\/h3>\n<p>Create a normal PHP document with your site\u2019s navigation and a message that says the file can\u2019t be found and maybe you can find it with the nav menus. Add this to your site\u2019s file in \/etc\/apache2\/sites-available. And while you are at it, there is no reason you need to tell anyone that they don\u2019t have permission to see a particular file; just tell them it\u2019s not found, so add the same line for a 403 error. I take them back to the main page and display the missing file in the main page.<br \/>\n<pre><code class=\"preserve-code-formatting\">\nErrorDocument 404 \/index.php?p=missing\nErrorDocument 403 \/index.php?p=missing\n<\/code><\/pre><\/p>\n","protected":false},"excerpt":{"rendered":"<p>I\u2019m setting up a new Ubuntu server and while most of the defaults are fine, there are some things that I need to adjust. I have a very shallow understanding of this stuff, so there could be better and more secure ways to do this, but this works for me. 
Disallow access to PHP include &hellip; <a href=\"https:\/\/www.wellgolly.com\/?p=1791\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Notes on setting up a server.<\/span><\/a><\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[],"class_list":["post-1791","post","type-post","status-publish","format-standard","hentry","category-computers"],"_links":{"self":[{"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/posts\/1791","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1791"}],"version-history":[{"count":0,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/posts\/1791\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1791"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1791"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1791"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}