Migrate to Apache's Require directive
parent fffc4e4e30
commit 8a29658c7a
|
@ -498,8 +498,7 @@ loaded, and set up a virtual host with the following configuration:
|
|||
ProxyRequests Off
|
||||
|
||||
<Proxy *>
|
||||
Order deny,allow
|
||||
Allow from all
|
||||
Require all granted
|
||||
</Proxy>
|
||||
|
||||
ProxyPassReverse / http://127.0.0.1:5001
|
||||
|
@ -570,8 +569,7 @@ Now add the following lines to the apache configuration file for the
|
|||
ProxyRequests Off
|
||||
|
||||
<Proxy *>
|
||||
Order deny,allow
|
||||
Allow from all
|
||||
Require all granted
|
||||
</Proxy>
|
||||
|
||||
ProxyPass /wiki/ http://127.0.0.1:5001/
|
||||
|
|
|
@ -132,9 +132,8 @@ MaxSpareServers 30
|
|||
MaxRequestsPerChild 100
|
||||
<Directory /home/>
|
||||
AllowOverride None
|
||||
Require all granted
|
||||
# "Require not env XXX" is not supported :(
|
||||
Deny from env=GoAway
|
||||
# Equivalent à "Require not env GoAway"
|
||||
Require expr "-z %{reqenv:GoAway}"
|
||||
</Directory>
|
||||
<IfModule mod_ssl.c>
|
||||
SSLProtocol all -SSLv2 -SSLv3
|
||||
|
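Review bot: in `<Directory /home/>`, `Require expr "-z %{reqenv:GoAway}"` only blocks anything if it is the sole authorization line. The +/- markers are lost in this rendering, but the header (9 lines down to 8) implies `Require all granted` is dropped, and that should be confirmed: bare `Require` lines in one section are ORed (implicit RequireAny), so `Require all granted` next to the expression would let every request through. The comment that `Require not env` is unsupported also holds only for a standalone negated line; inside `<RequireAll>` together with `Require all granted`, `Require not env GoAway` is accepted and reads more directly than the expression.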
@ -154,7 +153,7 @@ ipaddr_whitelist.conf` à différents endroits dans la configuration
|
|||
d'Apache sans dupliquer ces adresses :
|
||||
|
||||
~~~{.apache}
|
||||
Allow from 192.0.2.42
|
||||
Require ip 192.0.2.42
|
||||
~~~
|
||||
|
||||
Pour la [gestion des droits](#gestion-des-droits) on ajoute dans le fichier `/etc/apache2/envvars` :
|
||||
|
@ -210,10 +209,8 @@ Exemple d'un VirtualHost basé sur un nom de domaine via
|
|||
AuthUserFile /home/example/.htpasswd
|
||||
require valid-user
|
||||
|
||||
Deny from all
|
||||
Include ipaddr_whitelist.conf
|
||||
Allow from 192.0.2.43
|
||||
Satisfy any
|
||||
Require ip 192.0.2.43
|
||||
</Directory>
|
||||
|
||||
AssignUserID www-example example
|
||||
|
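Review bot: dropping `Satisfy any` leaves `require valid-user`, the included whitelist and `Require ip 192.0.2.43` as bare directives, which Apache 2.4 combines as an implicit RequireAny. Wrap them in an explicit `<RequireAny>` block or state the rule next to the example, so a reader does not assume that both a password and a whitelisted address are needed. The text should also say that `ipaddr_whitelist.conf` has to be converted to `Require ip` in the same step, since an `Allow from` line left in it would either fail to parse or be handled by mod_access_compat outside this authorization logic.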
@ -481,7 +478,7 @@ ProxyPreserveHost On
|
|||
ProxyPass /foo/ http://127.0.0.1:8080/bar
|
||||
ProxyPassReverse /foo/ http://127.0.0.1:8080/bar
|
||||
<Proxy *>
|
||||
Allow from All
|
||||
Require all granted
|
||||
</Proxy>
|
||||
~~~
|
||||
|
||||
|
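Review bot: `<Proxy *>` with `Require all granted` covers every proxied URL, while the VirtualHost hunk further down in this commit scopes the same grant to `<Proxy http://127.0.0.1:8080/>`. Use the backend URL here as well (`<Proxy http://127.0.0.1:8080/bar>`), so the example stays narrow if the block is copied into a configuration where `ProxyRequests` is not `Off`. The same applies to the other `<Proxy *>` blocks touched by this commit.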
@ -493,7 +490,7 @@ ProxyPreserveHost On
|
|||
ProxyPass / http://192.0.2.17/
|
||||
ProxyPassReverse / http://192.0.2.17/
|
||||
<Proxy *>
|
||||
Allow from All
|
||||
Require all granted
|
||||
</Proxy>
|
||||
~~~
|
||||
|
||||
|
@ -505,7 +502,7 @@ ProxyPreserveHost On
|
|||
ProxyPass / https://192.0.2.17/
|
||||
ProxyPassReverse / https://192.0.2.17/
|
||||
<Proxy *>
|
||||
Allow from All
|
||||
Require all granted
|
||||
</Proxy>
|
||||
~~~
|
||||
|
||||
|
@ -515,7 +512,7 @@ S'il y a besoin d'appliquer des règles spécifiques tel que des Alias avant que
|
|||
Alias /dossier/ /home/$USER/dossier/
|
||||
<Directory /home/$USER/dossier/>
|
||||
Options +SymLinksIfOwnerMatch +Indexes
|
||||
Allow from All
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
ProxyPreserveHost On
|
||||
|
@ -531,7 +528,7 @@ Le module
|
|||
[mod_remoteip](https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html)(**mod_rpaf** en Wheezy)
|
||||
permet d'utiliser la 1ère adresse IP située
|
||||
dans un entête HTTP type *X-Forwarded-For* pour les logs Apache et
|
||||
directives **mod_access** (Allow/Deny From).
|
||||
directives "Require" de**mod_authz_host**.
|
||||
|
||||
|
||||
Voici un exemple d'utilisation en Wheezy pour un reverse-proxy avec
|
||||
|
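Review bot: the added line reads `de**mod_authz_host**`, a space is missing before the bold markup. Since the sentence now says that `Require` decisions use the address taken from *X-Forwarded-For*, it should also tell the reader to restrict which proxies may supply that header with `RemoteIPInternalProxy` or `RemoteIPTrustedProxy`; otherwise `Require ip` rests on a header any client can set.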
@ -616,8 +613,7 @@ Exemple avec un service HTTP local :
|
|||
Options IncludesNoExec
|
||||
AddOutputFilter Includes html
|
||||
AddHandler type-map var
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
Require all granted
|
||||
LanguagePriority en cs de es fr it nl sv pt-br ro
|
||||
ForceLanguagePriority Prefer Fallback
|
||||
</Directory>
|
||||
|
@ -1154,10 +1150,9 @@ manuelle ou automatique.
|
|||
ExtendedStatus On
|
||||
<Location /server-status-XXXX>
|
||||
SetHandler server-status
|
||||
Deny from all
|
||||
Include ipaddr_whitelist.conf
|
||||
Allow from 192.0.2.43
|
||||
Allow from 127.0.0.1
|
||||
Require ip 192.0.2.43
|
||||
Require ip 127.0.0.1
|
||||
</Location>
|
||||
</IfModule>
|
||||
~~~
|
||||
|
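Review bot: `Require ip 127.0.0.1` in `<Location /server-status-XXXX>` does not match a local check that connects over `::1`. `Require local` covers 127.0.0.0/8, `::1` and connections where client and server address are the same, and could replace that line. If the explicit addresses are kept, they can share one line: `Require ip 192.0.2.43 127.0.0.1`.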
@ -1297,8 +1292,7 @@ de la racine apache, car cela concernera tout les vhosts.
|
|||
ErrorDocument XXX /YYYYYY/page.html
|
||||
Alias /YYYYYY /var/www/
|
||||
<Directory /var/www/>
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
Require all granted
|
||||
DirectoryIndex page.html
|
||||
</Directory>
|
||||
~~~
|
||||
|
|
|
@ -97,12 +97,12 @@ Listen *:631
|
|||
|
||||
<Location />
|
||||
Order allow,deny
|
||||
Allow from 192.0.32.0/24
|
||||
Require ip 192.0.32.0/24
|
||||
</Location>
|
||||
|
||||
~~~
|
||||
|
||||
Il faut ensuite ajouter `Allow from 192.0.32.0/24` pour les sections et actions souhaitées.
|
||||
Il faut ensuite ajouter `Require ip 192.0.32.0/24` pour les sections et actions souhaitées.
|
||||
|
||||
Pour les sections et actions critiques, une authentification supplémentaire est nécessaire.
|
||||
Cela se base sur les utilisateurs Unix, pour autoriser un utilisateur on l'ajoutera dans le groupe `lpadmin` :
|
||||
|
|
|
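Review bot: `Require ip 192.0.32.0/24` inside `<Location />` looks wrong for this file. `Listen *:631` in the hunk header and the `lpadmin` paragraph point to cupsd.conf, not Apache, and cupsd keeps the `Order` / `Allow from` syntax, with `Require` reserved for users and groups (`Require user`, `Require group`, `Require valid-user`). With `Order allow,deny` still in place and no `Allow` line, the section is left without any allow rule for 192.0.32.0/24. Revert both the directive and the sentence that now recommends `Require ip`.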
@ -254,8 +254,6 @@ Exemple de VirtualHost :
|
|||
ProxyPreserveHost On
|
||||
|
||||
<Proxy *>
|
||||
#Order deny,allow
|
||||
#Allow from all
|
||||
Require all granted
|
||||
</Proxy>
|
||||
|
||||
|
|
|
@ -127,7 +127,7 @@ Par exemple avec un authentification LDAP :
|
|||
WSGIScriptAlias / /home/hg/hgweb.wsgi
|
||||
|
||||
<Directory />
|
||||
Allow from all
|
||||
Require all granted
|
||||
Options ExecCGI FollowSymlinks
|
||||
</Directory>
|
||||
|
||||
|
|
|
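Review bot: `Require all granted` on `<Directory />` together with `Options ExecCGI FollowSymlinks` opens the whole filesystem root for this vhost, although `WSGIScriptAlias` only needs `/home/hg/hgweb.wsgi`. Scope the block to `<Directory /home/hg>` (or a `<Files hgweb.wsgi>` inside it) rather than carrying the old `Allow from all` over unchanged.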
@ -94,8 +94,7 @@ Voici une configuration d'un VirtualHost Apache pour proxyfié Jenkins en https
|
|||
ServerAdmin webmaster@localhost
|
||||
|
||||
<Directory proxy:http://localhost:8080/*>
|
||||
Order deny,allow
|
||||
Allow from all
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
ProxyRequests Off
|
||||
|
|
|
@ -64,7 +64,7 @@ Enfin, pour voir les icones Awstats, on rajoutera le fichier _/etc/apache2/cron.
|
|||
~~~
|
||||
Alias /awstats-icon/ /usr/share/awstats/icon/
|
||||
<Directory /usr/share/awstats/icon/>
|
||||
Allow from all
|
||||
Require all granted
|
||||
</Directory>
|
||||
~~~
|
||||
|
||||
|
|
|
@ -44,7 +44,6 @@ Configuration :
|
|||
Alias /.well-known/acme-challenge /var/lib/letsencrypt/.well-known/acme-challenge
|
||||
<Directory "/var/lib/letsencrypt/.well-known/acme-challenge">
|
||||
Options -Indexes
|
||||
Allow from all
|
||||
Require all granted
|
||||
</Directory>
|
||||
~~~
|
||||
|
|
|
@ -174,7 +174,7 @@ ScriptAlias /munin-cgi/munin-cgi-graph /usr/lib/munin/cgi/munin-cgi-graph
|
|||
SetHandler cgi-script
|
||||
</IfModule>
|
||||
</IfModule>
|
||||
Allow from all
|
||||
Require all granted
|
||||
</Location>
|
||||
~~~
|
||||
|
||||
|
|
|
@ -122,8 +122,7 @@ Ou Apache :
|
|||
ProxyPreserveHost On
|
||||
|
||||
<Proxy *>
|
||||
Order deny,allow
|
||||
Allow from all
|
||||
Require all granted
|
||||
</Proxy>
|
||||
|
||||
AllowEncodedSlashes NoDecode
|
||||
|
|
|
@ -345,7 +345,7 @@ Et voici un VirtualHost minimal pour Apache :
|
|||
|
||||
DocumentRoot /home/foo/www/current
|
||||
<Directory /home/redmine/www/current>
|
||||
Allow from all
|
||||
Require all granted
|
||||
Options -MultiViews
|
||||
</Directory>
|
||||
|
||||
|
|
|
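Review bot: the grant lands on `<Directory /home/redmine/www/current>` while `DocumentRoot` is `/home/foo/www/current`, so the example as shown authorizes a path the vhost does not serve from. Align the two paths while touching this block.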
@ -85,7 +85,6 @@ Configuration du VHost :
|
|||
AuthUserFile /home/svn/.htpasswd
|
||||
AuthzSVNAccessFILE /home/svn/.authz
|
||||
Require valid-user
|
||||
Allow from all
|
||||
</Location>
|
||||
~~~
|
||||
|
||||
|
@ -114,7 +113,6 @@ Et la configuration suivante :
|
|||
AuthLDAPGroupAttribute memberUid # Chercher l'attribut memberUid au lieu de uniqueMember
|
||||
AuthLDAPGroupAttributeIsDN off # Ne pas chercher un DN complet (uid=user,dc=example,dc=com) dans l'attribut memberUid mais uniquement l'uid
|
||||
Require ldap-group cn=svn,ou=group,dc=example,dc=com
|
||||
Allow from all
|
||||
</Location>
|
||||
~~~
|
||||
|
||||
|
|
|
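Review bot: the `AuthLDAPGroupAttribute memberUid # ...` and `AuthLDAPGroupAttributeIsDN off # ...` lines left in this `<Location>` are worth fixing in the same pass as the `Allow from all` removal. Apache does not allow a comment on the same line as a directive, so the trailing `#` text is read as extra arguments. Move each comment to its own line above the directive it describes.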
@ -20,8 +20,7 @@ Si cela ne fonctionne pas vérifier que vous avez dans le vhost par défaut.
|
|||
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
|
||||
AllowOverride None
|
||||
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
Require all granted
|
||||
~~~
|
||||
|
||||
## Configuration
|
||||
|
|
|
@ -88,7 +88,7 @@ Fonctionne pour les URL *unsafe*, ici sur le port 8890 :
|
|||
ProxyPass /unsafe http://127.0.0.1:8890/unsafe
|
||||
ProxyPassReverse /unsafe http://127.0.0.1:8890/unsafe
|
||||
<Proxy *>
|
||||
Allow from All
|
||||
Require all granted
|
||||
</Proxy>
|
||||
~~~
|
||||
|
||||
|
|
|
@ -282,7 +282,7 @@ Voici un VirtualHost type :
|
|||
ProxyPass / http://127.0.0.1:8080/
|
||||
ProxyPassReverse / http://127.0.0.1:8080/
|
||||
<Proxy http://127.0.0.1:8080/>
|
||||
Allow from all
|
||||
Require all granted
|
||||
</Proxy>
|
||||
</IfModule>
|
||||
</VirtualHost>
|
||||
|
|
|
@ -91,7 +91,7 @@ S'il ne vous est pas possible de mettre à jour Wordpress, une solution est de b
|
|||
|
||||
~~~
|
||||
<Files "xmlrpc.php">
|
||||
Deny from all
|
||||
Require all denied
|
||||
</Files>
|
||||
~~~
|
||||
|
||||
|
@ -254,8 +254,7 @@ Avec Apache :
|
|||
~~~
|
||||
<Directory /home/SITE/www/wp-content/uploads/>
|
||||
<FilesMatch "\.php$">
|
||||
Order allow,deny
|
||||
Deny from all
|
||||
Require all denied
|
||||
</FilesMatch>
|
||||
</Directory>
|
||||
~~~
|
||||
|
|
|
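Review bot: `<FilesMatch "\.php$">` only denies names ending in lowercase `.php`. Whether uploads named `.phtml`, `.php5`, `.phar` or `.PHP` are also executed depends on the PHP handler mapping, which the page does not show. Match the same extensions the handler is bound to, or state next to the example that the pattern must follow the handler configuration.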
@ -15,7 +15,7 @@
|
|||
|
||||
<http://symfony.com/doc/current/setup/web_server_configuration.html>
|
||||
|
||||
Les applications Symfony contiennent souvent des fichiers `.htaccess` avec des directives `DirectoryIndex`, `Options -MultiViews`, `Rewrite*`, `Deny`.
|
||||
Les applications Symfony contiennent souvent des fichiers `.htaccess` avec des directives `DirectoryIndex`, `Options -MultiViews`, `Rewrite*`, `Require`.
|
||||
Il est donc plutôt conseillé d'utiliser [Apache](HowtoApache) en général.
|
||||
|
||||
La configuration Apache du VirtualHost doit donc contenir au minimum :
|
||||
|
|