Why can not I block a single node.js file in apache?

Question

I have an apache server, where in addition to my app I have a node.js websocket application. The problem is that anyone can read the file content just by navigating to it in URL. I am trying to block a direct access one of the files (I already managed to block node.js folders).

I am modifying my config file: apache2/apache2.conf. Assuming that my file is in /var/www/server/node_start.js I have tried to following:

<Files /var/www/server/node_start.js>
        Order allow,deny
        Deny from all
</Files>

<FilesMatch /var/www/server/node_start.js>
        Order allow,deny
        Deny from all
</FilesMatch>

<Files /server/node_start.js>
        Order allow,deny
        Deny from all
</Files>

<FilesMatch /server/node_start.js>
        Order allow,deny
        Deny from all
</FilesMatch>

None of this worked out. I have looked at other posts and it looks like I am doing the same thing as others. Any idea why I am failing?

P.S. I can not block the whole directory, because there are a lot of other files which should not be blocked.

Answer 1

You are using wrong approach to work with node.js & apache server. Approach to work with node.js is as below:

1. Node.js gives a server & client. Hence you need to create server to run with node.js
2. I used express to create server in node.js with port. If you are planning to use express then don't forget to add app.enable('trust proxy'); in app.js
3. Once you create your server it needs to start with node.js.Ex:- node sever.js or node app.js

4. You can access the node server using http://localhost:{port}/

5. You can use forever or nodemon to run node server. For more information check links Nodemon and Forever

6. You can deploy your application at any path including www. If you put your application outsite the www directory.

7. Ensure node.js app directory must have proper ownership & permission for apache or ngnix. Before giving the ownership please check the name or apache or ngnix user.

8. For user ownership Ex: chown -R www:data www:data {/path_to_node_applicatoin}

9. For writing permssion Ex: chmod -R 775 {/path_to_node_applicatoin}

10. After starting the server you need to use proxy in apache & nginx server to access your site globally.

11. If you are planing to use websocket using node.js the you need to http version 1.1 .Ex: proxy_http_version 1.1;;

12. Configure apache server to support node.js server is as below:

    <VirtualHost *:80>
            ServerAdmin [email protected]
            ServerName example.com
            ServerAlias www.example.com
    
            ProxyRequests off
    
            <Proxy *>
                Order deny,allow
                Allow from all
            </Proxy>
    
            <Location />
                ProxyPass http://127.0.0.1:3000/ #use the port which you specified for node application.
                ProxyPassReverse http://127.0.0.1:3000/
            </Location>
        </VirtualHost>
    

13. Configure ngnix to support node.js is as below:

         server {
               listen 80;
               server_name example.com;
               root /var/www/stack/nodejsapp;
               index index.html index.htm;
                location / {
                      rewrite ^/socket/(.*) /$1 break;
                      proxy_pass http://127.0.0.1:3000; #use the port which you specified for node application.
                      proxy_redirect off;
                      proxy_set_header X-Real-IP $remote_addr;
                      proxy_set_header Host $http_host;
                      proxy_set_header X-NginX-Proxy true;
                      proxy_set_header X-Forwarded-Host $host;
                      proxy_set_header X-Forwarded-Server $host;
                      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                      proxy_http_version 1.1;
                      proxy_set_header Upgrade $http_upgrade;
                      proxy_set_header Connection "upgrade";
                      proxy_set_header Host $host;
                }
           }
    

Note: Ensure you have enable proxy support in apache & ngnix.

Answer 2

This sounds a little like you're trying to do it the wrong way. It should definitely be possible to block files using Files, Directory or Location directives, but wouldn't it be better to move the files out of the web-accessible directory completely?

i.e. You should deploy your node application to a different location (/var/deployment/node_app) and start it up on a port (such as 8080). Then, in your apache config, add a ProxyPass line to forward requests into your node application using

http://localhost:8080

This way, you can proxy the requests through to your node application, and the files you're trying to protect aren't accessible through apache.

Answer 3

Have you tried it without the full path and order directive?

<Files node_start.js >
  Deny from all
</Files>

courtesy of http://www.askapache.com/htaccess/using-filesmatch-and-files-in-htaccess.html