I have a node server running on CentOS and currently, you can just go to any file in the root and view it, for example xxx.net/whatever.js. This is obviously not great, as I have some sensitive information in certain files.
How can I disable users from navigating to these files from a browser?
I have an Apache proxy set up to view the site like so:
<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName www.xxx.net
    ServerAlias xxx.net
    DocumentRoot /var/www/xxx.net
    <Directory /var/www/xxx.net>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
    ErrorLog /var/www/xxx.net/error.log
    CustomLog /var/www/xxx.net/requests.log combined
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyVia Full
    <Proxy *>
        Require all granted
    </Proxy>
    <Location />
        ProxyPass http://127.0.0.1:4000/
        ProxyPassReverse http://127.0.0.1:4000/
    </Location>
</VirtualHost>
and then pm2 running an express node server. I've tried all sorts of chmod'ing but nothing has changed. If anybody could shed any light onto my problem that would be great. If you need any more info let me know, thanks!
You can restrict the access using Express.js.
When this is written:
app.use('/', express.static(__dirname));
this means access to anything.
You can limit this access to some folders only using:
app.use('/', express.static(__dirname + '/public'));
Or you can write middleware in Express that can have the list of file routes you want to block:
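// Register this before express.static so blocked paths never reach it.
app.use(function (req, res, next) {
    // req.path excludes the query string and always starts with "/"
    if (!checkFunction(req.path)) {
        next();
    } else {
        res.status(404).send("Not found");
    }
});

// Returns true when the requested path is on the block list.
function checkFunction(url) {
    var blockedUrl = ['/folder/file1.js'];
    return blockedUrl.some(function (urlCheck) {
        return urlCheck === url;
    });
}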
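The allowlist idea behind serving only a `public` folder, as an added example that is not part of the original answer: a request is mapped to a file only if it resolves inside one directory, and everything else is refused by default. It uses Node's `path` module alone so it runs without Express; `PUBLIC_ROOT`, `resolvePublicFile` and the `public` subdirectory under the question's document root are assumptions made for illustration.

```javascript
const path = require('path');

// Assumption: only files under this directory are meant to be public.
const PUBLIC_ROOT = path.resolve('/var/www/xxx.net/public');

// Hypothetical helper: map a raw request URL to an absolute path inside
// `root`, or return null when the request must not be served.
function resolvePublicFile(rawUrl, root = PUBLIC_ROOT) {
  let pathname;
  try {
    // Drop the query string, then percent-decode once.
    pathname = decodeURIComponent(String(rawUrl).split('?')[0]);
  } catch (err) {
    return null; // malformed percent-encoding
  }
  if (pathname.includes('\0')) return null; // NUL bytes are never valid

  // Resolving collapses "." and ".." segments before the containment check.
  const resolved = path.resolve(root, './' + pathname);
  if (resolved !== root && !resolved.startsWith(root + path.sep)) {
    return null; // ended up outside the public directory
  }

  // Refuse dotfiles and dot-directories such as .env or .git.
  const segments = path.relative(root, resolved).split(path.sep);
  if (segments.some((seg) => seg.startsWith('.'))) return null;

  return resolved;
}

// Constructed sample requests, not taken from the question.
for (const url of ['/css/site.css?v=2', '/../whatever.js', '/.env']) {
  console.log(url, '->', resolvePublicFile(url));
}
```

With this shape, a file such as `whatever.js` in the application root is unreachable because it lives outside the served directory, not because someone remembered to add it to a block list.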