Como liberar serviço especifico no Apache? [RESOLVIDO]

avancinirodrigo
(usa Suse)

Enviado em 20/12/2012 - 16:48h

Boa tarde turma do VOL,
Estou com o seguinte problema, tenho que liberar a porta 80 para a web (externo), mas gostaria de liberar somente um serviço, ex:
htdocs
|
site 1
|
site 2
|
site 3

Gostaria de liberar somente o "site 2" para a web, mas quando libero a porta 80, todos os sites ficam disponíveis.
Existe alguma regra que possa ser configurada no Apache para fazer essa restrição?

Obrigado!

Att.
Rodrigo

removido
(usa Nenhuma)

Enviado em 20/12/2012 - 21:33h

Sim, é possível fazer o que vc está querendo.

O apache pode trabalhar com áreas que são restritas por senhas, baseados em faixas de ip ou nomes de host.

Gentileza consultar a documentação em

http://httpd.apache.org/docs/2.2/pt-br/mod/

e ver qual dos módulos atende melhor o seu caso.

Kyetoy

andrecanhadas
(usa Debian)

Enviado em 20/12/2012 - 21:38h

Nas configurações do site2 coloque :

Allow from 127.0.0.0/255.0.0.0 ::1/128

Allow from 192.168.1.0/24

Deny from all

 

Claro que trocando (Allow from 192.168.1.0/24) para a sua rede interna

avancinirodrigo
(usa Suse)

Enviado em 21/12/2012 - 11:13h

Obrigado andrecanhadas, mas, onde coloco essas regras, caso seja no .conf, são em quais sessões?
Outra duvida, como vou liberar o "site 2" para todos inclusive para acesso externo devo restringir os demais sites, certo?

andrecanhadas
(usa Debian)

Enviado em 21/12/2012 - 11:25h

Como configurou o seu virtualhosts?

A proposito as configs que passei devem sem para os site1 e site3 ja que quer liberar apenas o site2 para a web.

Para o site2 deixe como o default ou seja: Allow from all

avancinirodrigo
(usa Suse)

Enviado em 21/12/2012 - 11:39h

Cara, minha configuração esta default, não tem nenhuma restrição a site nenhum, na rede interna todos os "sites" são liberados, mas agora vou liberar pra web, então gostaria de liberar somente o "site 2", não sei onde coloco essa regra, pois o httpd.conf é dividido em sessões, ex: <Directory></Directory>, <Location></Location>, etc..

andrecanhadas
(usa Debian)

Enviado em 21/12/2012 - 12:11h

posta o httpd.conf trocando os dominios por site1,site2 etc para evitar expor aqui:

avancinirodrigo
(usa Suse)

Enviado em 21/12/2012 - 12:21h

O default não precisa configurar acesso aos sites, todos já estão liberados..

#
# /etc/apache2/httpd.conf
#
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs-2.2/> for detailed information about
# the directives.

# Based upon the default apache configuration file that ships with apache,
# which is based upon the NCSA server configuration files originally by Rob
# McCool. This file was knocked together by Peter Poeml <poeml+apache@suse.de>.

# If possible, avoid changes to this file. It does mainly contain Include
# statements and global settings that can/should be overridden in the
# configuration of your virtual hosts.

# Quickstart guide:
# http://en.opensuse.org/Apache_Quickstart_HOWTO


# Overview of include files, chronologically:
#
# httpd.conf
# |
# |-- uid.conf . . . . . . . . . . . . . . UserID/GroupID to run under
# |-- server-tuning.conf . . . . . . . . . sizing of the server (how many processes to start, ...)
# |-- sysconfig.d/loadmodule.conf . . . . . [*] load these modules
# |-- listen.conf . . . . . . . . . . . . . IP adresses / ports to listen on
# |-- mod_log_config.conf . . . . . . . . . define logging formats
# |-- sysconfig.d/global.conf . . . . . . . [*] server-wide general settings
# |-- mod_status.conf . . . . . . . . . . . restrict access to mod_status (server monitoring)
# |-- mod_info.conf . . . . . . . . . . . . restrict access to mod_info
# |-- mod_usertrack.conf . . . . . . . . . defaults for cookie-based user tracking
# |-- mod_autoindex-defaults.conf . . . . . defaults for displaying of server-generated directory listings
# |-- mod_mime-defaults.conf . . . . . . . defaults for mod_mime configuration
# |-- errors.conf . . . . . . . . . . . . . customize error responses
# |-- ssl-global.conf . . . . . . . . . . . SSL conf that applies to default server _and all_ virtual hosts
# |
# |-- default-server.conf . . . . . . . . . set up the default server that replies to non-virtual-host requests
# | |--mod_userdir.conf . . . . . . . . enable UserDir (if mod_userdir is loaded)
# | `--conf.d/apache2-manual?conf . . . add the docs ('?' = if installed)
# |
# |-- sysconfig.d/include.conf . . . . . . [*] your include files
# | (for each file to be included here, put its name
# | into APACHE_INCLUDE_* in /etc/sysconfig/apache2)
# |
# `-- vhosts.d/ . . . . . . . . . . . . . . for each virtual host, place one file here
# `-- *.conf . . . . . . . . . . . . . (*.conf is automatically included)
#
#
# Files marked [*] are created from sysconfig upon server restart: instead of
# these files, you edit /etc/sysconfig/apache2



# Filesystem layout:
#
# /etc/apache2/
# |-- charset.conv . . . . . . . . . . . . for mod_auth_ldap
# |-- conf.d/
# | |-- apache2-manual.conf . . . . . . . conf that comes with apache2-doc
# | |-- mod_php4.conf . . . . . . . . . . (example) conf that comes with apache2-mod_php4
# | `-- ... . . . . . . . . . . . . . . . other configuration added by packages
# |-- default-server.conf
# |-- errors.conf
# |-- httpd.conf . . . . . . . . . . . . . top level configuration file
# |-- listen.conf
# |-- magic
# |-- mime.types -> ../mime.types
# |-- mod_autoindex-defaults.conf
# |-- mod_info.conf
# |-- mod_log_config.conf
# |-- mod_mime-defaults.conf
# |-- mod_perl-startup.pl
# |-- mod_status.conf
# |-- mod_userdir.conf
# |-- mod_usertrack.conf
# |-- server-tuning.conf
# |-- ssl-global.conf
# |-- ssl.crl/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificate Revocation Lists (CRL)
# |-- ssl.crt/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificates
# |-- ssl.csr/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificate Signing Requests
# |-- ssl.key/ . . . . . . . . . . . . . . PEM-encoded RSA Private Keys
# |-- ssl.prm/ . . . . . . . . . . . . . . public DSA Parameter Files
# |-- sysconfig.d/ . . . . . . . . . . . . files that are created from /etc/sysconfig/apache2
# | |-- global.conf
# | |-- include.conf
# | `-- loadmodule.conf
# |-- uid.conf
# `-- vhosts.d/ . . . . . . . . . . . . . . put your virtual host configuration (*.conf) here
# |-- vhost-ssl.template
# `-- vhost.template



### Global Environment ######################################################
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests.

# run under this user/group id
Include /etc/apache2/uid.conf

# - how many server processes to start (server pool regulation)
# - usage of KeepAlive
Include /etc/apache2/server-tuning.conf

# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
ErrorLog /var/log/apache2/error_log

# generated from APACHE_MODULES in /etc/sysconfig/apache2
Include /etc/apache2/sysconfig.d/loadmodule.conf

# IP addresses / ports to listen on
Include /etc/apache2/listen.conf

# predefined logging formats
Include /etc/apache2/mod_log_config.conf

# generated from global settings in /etc/sysconfig/apache2
Include /etc/apache2/sysconfig.d/global.conf

# optional mod_status, mod_info
Include /etc/apache2/mod_status.conf
Include /etc/apache2/mod_info.conf

# optional cookie-based user tracking
# read the documentation before using it!!
Include /etc/apache2/mod_usertrack.conf

# configuration of server-generated directory listings
Include /etc/apache2/mod_autoindex-defaults.conf

# associate MIME types with filename extensions
TypesConfig /etc/apache2/mime.types
DefaultType text/plain
Include /etc/apache2/mod_mime-defaults.conf

# set up (customizable) error responses
Include /etc/apache2/errors.conf

# global (server-wide) SSL configuration, that is not specific to
# any virtual host
Include /etc/apache2/ssl-global.conf

# forbid access to the entire filesystem by default
<Directory />
Options None
AllowOverride None
Order deny,allow
Deny from all
</Directory>

# use .htaccess files for overriding,
AccessFileName .htaccess
# and never show them
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>

# List of resources to look for when the client requests a directory
DirectoryIndex index.html index.html.var

### 'Main' server configuration #############################################
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
Include /etc/apache2/default-server.conf


# Another way to include your own files
#
# The file below is generated from /etc/sysconfig/apache2,
# include arbitrary files as named in APACHE_CONF_INCLUDE_FILES and
# APACHE_CONF_INCLUDE_DIRS
Include /etc/apache2/sysconfig.d/include.conf


### Virtual server configuration ############################################
#
# VirtualHost: If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
# <URL:http://httpd.apache.org/docs-2.2/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.
#
Include /etc/apache2/vhosts.d/*.conf


# Note: instead of adding your own configuration here, consider
# adding it in your own file (/etc/apache2/httpd.conf.local)
# putting its name into APACHE_CONF_INCLUDE_FILES in
# /etc/sysconfig/apache2 -- this will make system updates
# easier :)

andrecanhadas
(usa Debian)

Enviado em 21/12/2012 - 12:29h

Mas onde você definiu os virtualhosts ou seja o site1 esta no diretorio tal o site2 esta no diretorio tal:

Aqui no debian eu configuro isso no /etc/apache2/httpd.conf

NameVirtualHost *



  <VirtualHost *>

    ServerName localhost

    DocumentRoot /var/www/

    Allow from 127.0.0.0/255.0.0.0 ::1/128 

    Allow from 192.168.1.0/24

    Deny from all

  </VirtualHost>



  <VirtualHost *>

    ServerName dominio.com.br

    DocumentRoot /var/www/dominio.com.br/

    Allow from all

  </VirtualHost>

 

avancinirodrigo
(usa Suse)

Enviado em 21/12/2012 - 12:36h

Agora entendi o que você esta falando, nunca precisei de configurar os virtuals hosts, na configuração default coloco tudo dentro www/htdocs, com isso todos os sites ficam liberados..

andrecanhadas
(usa Debian)

Enviado em 21/12/2012 - 13:48h

Mas todos os sites iniciam em uma unica pasta?

Se for assim não vai funcionar desta maneira teria que ser por .htaccess

Só corrigindo como não estou usando bloqueios a ordem correta é Deny from all e depois o que quer liberar

avancinirodrigo
(usa Suse)

Enviado em 21/12/2012 - 14:02h

Não é bem assim, todos os sites ficam em um único diretório, mas eles são acessados pelo domínio da maquina, ex: nome da maquina: server -> http://server (referencia a porta 80), então para acessar os "sites" basta digitar os endereços: http://server/site1, http://server/site2, http://server/site3 ...

Normalmente isso é feito também em serviços de hospedagem na web... Nunca precisei configurar o httpd.conf para isso. Mas agora estou precisando :)