
Why can't I block a single node.js file in apache?

Tags:

node.js

apache

I have an apache server, where in addition to my app I have a node.js websocket application. The problem is that anyone can read the file content just by navigating to it in the URL. I am trying to block direct access to one of the files (I already managed to block node.js folders).

I am modifying my config file: apache2/apache2.conf. Assuming that my file is in /var/www/server/node_start.js I have tried the following:

<Files /var/www/server/node_start.js>
        Order allow,deny
        Deny from all
</Files>

<FilesMatch /var/www/server/node_start.js>
        Order allow,deny
        Deny from all
</FilesMatch>

<Files /server/node_start.js>
        Order allow,deny
        Deny from all
</Files>

<FilesMatch /server/node_start.js>
        Order allow,deny
        Deny from all
</FilesMatch>

None of this worked out. I have looked at other posts and it looks like I am doing the same thing as others. Any idea why I am failing?

P.S. I can not block the whole directory, because there are a lot of other files which should not be blocked.

Salvador Dali asked Sep 07 '14 07:09



3 Answers

You are using the wrong approach to work with node.js & the apache server. The approach to work with node.js is as below:

  1. Node.js gives a server & client. Hence you need to create a server to run with node.js.
  2. I used express to create a server in node.js with a port. If you are planning to use express then don't forget to add app.enable('trust proxy'); in app.js
  3. Once you create your server it needs to be started with node.js. Ex: node server.js or node app.js
  4. You can access the node server using http://localhost:{port}/

  5. You can use forever or nodemon to run the node server. For more information check the links Nodemon and Forever.

  6. You can deploy your application at any path including www. If you put your application outside the www directory.

  7. Ensure the node.js app directory has proper ownership & permissions for apache or nginx. Before giving the ownership please check the name of the apache or nginx user.

  8. For user ownership Ex: chown -R www-data:www-data {/path_to_node_application}

  9. For writing permission Ex: chmod -R 775 {/path_to_node_application}

  10. After starting the server you need to use a proxy in the apache & nginx server to access your site globally.

  11. If you are planning to use websockets with node.js then you need HTTP version 1.1. Ex: proxy_http_version 1.1;
  12. Configuring the apache server to support the node.js server is as below:

    <VirtualHost *:80>
        # placeholder address
        ServerAdmin webmaster@example.com
        ServerName example.com
        ServerAlias www.example.com

        ProxyRequests off

        <Proxy *>
            Order deny,allow
            Allow from all
        </Proxy>

        <Location />
            # Use the port which you specified for the node application.
            ProxyPass http://127.0.0.1:3000/
            ProxyPassReverse http://127.0.0.1:3000/
        </Location>
    </VirtualHost>
    
  13. Configuring nginx to support node.js is as below:

    server {
        listen 80;
        server_name example.com;
        root /var/www/stack/nodejsapp;
        index index.html index.htm;

        location / {
            rewrite ^/socket/(.*) /$1 break;
            # Use the port which you specified for the node application.
            proxy_pass http://127.0.0.1:3000;
            proxy_redirect off;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # WebSocket upgrade needs HTTP/1.1 and the Upgrade/Connection headers.
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }
    

Note: Ensure you have enabled proxy support in apache & nginx.

Rajesh Ujade answered Sep 19 '22 20:09


This sounds a little like you're trying to do it the wrong way. It should definitely be possible to block files using Files, Directory or Location directives, but wouldn't it be better to move the files out of the web-accessible directory completely?

i.e. You should deploy your node application to a different location (/var/deployment/node_app) and start it up on a port (such as 8080). Then, in your apache config, add a ProxyPass line to forward requests into your node application using

http://localhost:8080

This way, you can proxy the requests through to your node application, and the files you're trying to protect aren't accessible through apache.

Daniel Scott answered Sep 19 '22 20:09


Have you tried it without the full path and order directive?

<Files node_start.js >
  Deny from all
</Files>

courtesy of http://www.askapache.com/htaccess/using-filesmatch-and-files-in-htaccess.html

user3834928 answered Sep 19 '22 20:09
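
An added illustration, not part of the question or of any answer above: `<Files>` and `<FilesMatch>` are compared against a file's base name only, so a pattern that contains a directory path never matches, and limiting the rule to one directory is done by nesting it inside `<Directory>`. The fragment uses the question's path /var/www/server/node_start.js and assumes Apache 2.4 `Require` syntax (the `Order`/`Deny` lines used on this page take its place on 2.2, or on 2.4 with mod_access_compat loaded); the second file name in the regex is hypothetical.

```apache
# Added example; assumes the file lives at /var/www/server/node_start.js.

# What the question tried (left commented out). It never matches:
# <Files> looks only at the base name, and a base name contains no "/".
#
# <Files "/var/www/server/node_start.js">
#     Require all denied
# </Files>

# Option A: base name only. Matches, but denies every file called
# node_start.js in any directory this server serves.
<Files "node_start.js">
    Require all denied
</Files>

# Option B: <Directory> supplies the path, <Files> supplies the base name.
# Denies /var/www/server/node_start.js (and same-named files in
# subdirectories) while the rest of the directory stays readable.
<Directory "/var/www/server">
    <Files "node_start.js">
        Require all denied
    </Files>
</Directory>

# Option C: regex form for several server-side scripts in that directory.
# ws_config.js is a hypothetical second file name.
<Directory "/var/www/server">
    <FilesMatch "^(node_start|ws_config)\.js$">
        Require all denied
    </FilesMatch>
</Directory>
```

Only one of the options is needed. Run `apachectl configtest` before reloading; afterwards a request for the file should return 403 while its neighbours are still served.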