I have an apache server, where in addition to my app I have a node.js websocket application. The problem is that anyone can read the file content just by navigating to it in URL. I am trying to block a direct access one of the files (I already managed to block node.js folders).
I am modifying my config file: apache2/apache2.conf. Assuming that my file is in /var/www/server/node_start.js I have tried to following:
<Files /var/www/server/node_start.js>
Order allow,deny
Deny from all
</Files>
<FilesMatch /var/www/server/node_start.js>
Order allow,deny
Deny from all
</FilesMatch>
<Files /server/node_start.js>
Order allow,deny
Deny from all
</Files>
<FilesMatch /server/node_start.js>
Order allow,deny
Deny from all
</FilesMatch>
None of this worked out. I have looked at other posts and it looks like I am doing the same thing as others. Any idea why I am failing?
P.S. I can not block the whole directory, because there are a lot of other files which should not be blocked.
You are using wrong approach to work with node.js & apache server. Approach to work with node.js is as below:
app.enable('trust proxy'); in app.jsnode sever.js or node app.jsYou can access the node server using http://localhost:{port}/
You can use forever or nodemon to run node server. For more information check links Nodemon and Forever
You can deploy your application at any path including www. If you put your application outsite the www directory.
Ensure node.js app directory must have proper ownership & permission for apache or ngnix. Before giving the ownership please check the name or apache or ngnix user.
For user ownership Ex: chown -R www:data www:data {/path_to_node_applicatoin}
For writing permssion Ex: chmod -R 775 {/path_to_node_applicatoin}
After starting the server you need to use proxy in apache & nginx server to access your site globally.
Configure apache server to support node.js server is as below:
<VirtualHost *:80>
ServerAdmin nodeadmin@example.com
ServerName example.com
ServerAlias www.example.com
ProxyRequests off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location />
ProxyPass http://127.0.0.1:3000/ #use the port which you specified for node application.
ProxyPassReverse http://127.0.0.1:3000/
</Location>
</VirtualHost>
Configure ngnix to support node.js is as below:
server {
listen 80;
server_name example.com;
root /var/www/stack/nodejsapp;
index index.html index.htm;
location / {
rewrite ^/socket/(.*) /$1 break;
proxy_pass http://127.0.0.1:3000; #use the port which you specified for node application.
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}
Note: Ensure you have enable proxy support in apache & ngnix.
This sounds a little like you're trying to do it the wrong way. It should definitely be possible to block files using Files, Directory or Location directives, but wouldn't it be better to move the files out of the web-accessible directory completely?
i.e. You should deploy your node application to a different location (/var/deployment/node_app) and start it up on a port (such as 8080). Then, in your apache config, add a ProxyPass line to forward requests into your node application using
http://localhost:8080
This way, you can proxy the requests through to your node application, and the files you're trying to protect aren't accessible through apache.
Have you tried it without the full path and order directive?
<Files node_start.js >
Deny from all
</Files>
courtesy of http://www.askapache.com/htaccess/using-filesmatch-and-files-in-htaccess.html