Disabling access to certain directories in Apache is a common practice for security and privacy. Restricting access ensures that unauthorized users cannot access sensitive data or files.
In a standard Apache installation, directories may be accessed freely unless specifically restricted. This may include directories that hold configurations, scripts, or data files that are not intended to be publicly accessible.
The practice of disabling access to specific directories is fundamental in web server administration. Whether you are running a website, web application, or any HTTP service, proper directory restriction is vital. The configuration is typically done in the Apache configuration files, such as .htaccess or httpd.conf.
$ sudo grep -nr "<Directory" /etc/{apache2,httpd}/
/etc/apache2/sites-available/default-ssl.conf:98: <Directory /usr/lib/cgi-bin>
/etc/apache2/sites-available/000-default.conf:20: <Directory /home/user/website/>
/etc/apache2/apache2.conf:159:<Directory />
/etc/apache2/apache2.conf:165:<Directory /usr/share>
/etc/apache2/apache2.conf:170:<Directory /var/www/>
/etc/apache2/apache2.conf:176:#<Directory /srv/>
/etc/apache2/mods-available/alias.conf:15:<Directory "/usr/share/apache2/icons">
/etc/apache2/mods-available/userdir.conf:4:<Directory /home/*/public_html>
/etc/apache2/conf-available/localized-error-pages.conf:50:# <Directory "/usr/share/apache2/error">
/etc/apache2/conf-available/serve-cgi-bin.conf:12: <Directory "/usr/lib/cgi-bin">
$ sudo vi /etc/apache2/sites-available/000-default.conf
<Directory /home/user/website/>
    Require all granted
</Directory>

<Directory /home/user/website/forbid/>
    Order deny,allow
    Deny from all
</Directory>
The Deny directive can be applied to a subdirectory of a directory that is otherwise allowed.
Allow from 192.168.1.100
This example allows access only from the IP address 192.168.1.100; replace it with the desired IP address or range.
$ sudo systemctl restart apache2 # For Ubuntu/Debian
$ sudo systemctl restart httpd # For CentOS/Red Hat
$ curl 127.0.0.1/forbid/
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access this resource.</p>
<hr>
<address>Apache/2.4.55 (Ubuntu) Server at 127.0.0.1 Port 80</address>
</body></html>
If configured correctly, the server should respond with a 403 Forbidden status.
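Added example, not part of the original page: Order, Deny and Allow are Apache 2.2-style directives that 2.4 still accepts through mod_access_compat, while Require is the native 2.4 form. This Python sketch parses <Directory> blocks and proposes the Require equivalent for the deny-all and allow-listed patterns used above. The sample configuration is constructed, and the admin/ directory and function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the page's two blocks, plus the page's "Allow from" line
# placed in a third, hypothetical admin/ directory.
SAMPLE_CONF = """\
<Directory /home/user/website/>
    Require all granted
</Directory>
<Directory /home/user/website/forbid/>
    Order deny,allow
    Deny from all
</Directory>
<Directory /home/user/website/admin/>
    Order deny,allow
    Deny from all
    Allow from 192.168.1.100
</Directory>
"""

LEGACY = {"order", "allow", "deny"}  # 2.2-style, mod_access_compat in 2.4
OPEN_RE = re.compile(r'<Directory\s+"?([^">]+?)"?\s*>', re.IGNORECASE)

def parse_blocks(text):
    """Map each <Directory> path to its Order/Allow/Deny/Require lines."""
    blocks, path = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        opened = OPEN_RE.fullmatch(line)  # commented-out blocks do not match
        if opened:
            path = opened.group(1)
            blocks[path] = []
        elif line.lower().startswith("</directory"):
            path = None
        elif path and line and line.split()[0].lower() in LEGACY | {"require"}:
            blocks[path].append(" ".join(line.split()))
    return blocks

def suggest_require(directives):
    """Return Require lines for the deny-all / allow-listed patterns, else None."""
    lowered = [d.lower() for d in directives]
    if "order deny,allow" not in lowered or "deny from all" not in lowered:
        return None  # already Require-based, or a pattern this sketch skips
    sources = [s for d in directives if d.lower().startswith("allow from ") for s in d.split()[2:]]
    try:
        for s in sources:
            ipaddress.ip_network(s, strict=False)
    except ValueError:
        return None  # hostnames and partial IPs need manual review
    return [f"Require ip {s}" for s in sources] or ["Require all denied"]
```

Run parse_blocks() on the contents of each file that the grep step lists, then review any block for which suggest_require() returns lines.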