Why can't I block a single node.js file in apache?

I have an apache server where, in addition to my application, I have a node.js websocket application. The problem is that any user can read the contents of the file simply by navigating to its URL. I am trying to block direct access to one of the files (I have already managed to lock the node.js folders).

I am changing my configuration file: apache2/apache2.conf. Assuming my file is located at /var/www/server/node_start.js, I tried the following:

    <Files /var/www/server/node_start.js>
        Order allow,deny
        Deny from all
    </Files>

    <FilesMatch /var/www/server/node_start.js>
        Order allow,deny
        Deny from all
    </FilesMatch>

    <Files /server/node_start.js>
        Order allow,deny
        Deny from all
    </Files>

    <FilesMatch /server/node_start.js>
        Order allow,deny
        Deny from all
    </FilesMatch>

None of this worked out. I looked at other posts, and it looks like I'm doing the same thing as the others. Any idea why I fail?

PS I can’t lock the whole directory because there are many other files that should not be blocked.

+6
3 answers

You are using the wrong approach for working with node.js and apache server. The approach to working with node.js is as follows:

  • Node.js provides a server and a client. Therefore, you need to create a server to work with node.js
  • I used Express to create a server in node.js with a port. If you plan to use Express, do not forget to add app.enable('trust proxy'); in app.js
  • After creating your server, it should be started with node.js. Ex: node server.js or node app.js
  • You can access the node server using http://localhost:{port}/

  • You can use forever or nodemon to start the node server. Check out the Nodemon and Forever links for more information.

  • You can deploy your application on any path, including www. If you put your application on the site in the www directory.

  • Make sure the node.js directory has the correct ownership and permissions for apache or nginx. Before granting ownership, verify the username of apache or nginx.

  • For user rights, e.g.: chown -R www-data:www-data {/path_to_node_application}

  • For write permission, e.g.: chmod -R 775 {/path_to_node_application}

  • After starting the server, you need to use a proxy on the apache or nginx server to make your site accessible around the world.

  • If you plan to use websocket with node.js, you need HTTP version 1.1. Ex: proxy_http_version 1.1;
  • Configure apache server to support node.js server:

      <VirtualHost *:80>
          ServerAdmin nodeadmin@example.com
          ServerName example.com
          ServerAlias www.example.com

          ProxyRequests off

          <Proxy *>
              Order deny,allow
              Allow from all
          </Proxy>

          <Location />
              # Use the port which you specified for the node application.
              ProxyPass http://127.0.0.1:3000/
              ProxyPassReverse http://127.0.0.1:3000/
          </Location>
      </VirtualHost>
  • Configure nginx to support node.js as shown below:

      server {
          listen 80;
          server_name example.com;
          root /var/www/stack/nodejsapp;
          index index.html index.htm;

          location / {
              rewrite ^/socket/(.*) /$1 break;
              proxy_pass http://127.0.0.1:3000; # use the port which you specified for node application.
              proxy_redirect off;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header Host $http_host;
              proxy_set_header X-NginX-Proxy true;
              proxy_set_header X-Forwarded-Host $host;
              proxy_set_header X-Forwarded-Server $host;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_http_version 1.1;
              proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection "upgrade";
              proxy_set_header Host $host;
          }
      }

Note: Make sure proxy support is enabled in apache and nginx.

+4

It looks like you are trying to do it the wrong way. It might be possible to lock files using the "Files", "Directory" or "Location" directives, but wouldn’t it be better to move the files out of the web directory completely?

I.e. deploy the node application to another location (/var/deployment/node_app) and run it on a port (e.g. 8080). Then, in the apache configuration, add a ProxyPass line to forward requests to your node application using

 http://localhost:8080 

Thus, you can proxy requests through the node application, and the files you are trying to protect are not accessible via apache.

+3

Have you tried this without the full path and order directive?

    <Files node_start.js>
        Deny from all
    </Files>

Courtesy of http://www.askapache.com/htaccess/using-filesmatch-and-files-in-htaccess.html

+1
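
Added example (not part of the original thread): `<Files>` and `<FilesMatch>` are compared against the last path component of the file only, so the full-path forms tried in the question can never match. The sketch below scopes a basename match to the question's /var/www/server directory; the `IfModule` split between Apache 2.4 and 2.2 access syntax is an assumption about which modules are loaded.

```apache
# Added example, not the asker's or answerers' configuration.
# Scope the rule to one directory, then match the file by basename.
<Directory "/var/www/server">

    # Correct: the argument is the file name only, no "/" in it.
    <Files "node_start.js">
        # Apache 2.4 (mod_authz_core is loaded)
        <IfModule mod_authz_core.c>
            Require all denied
        </IfModule>
        # Apache 2.2 fallback, same directives the question used
        <IfModule !mod_authz_core.c>
            Order allow,deny
            Deny from all
        </IfModule>
    </Files>

    # Equivalent regex form: the pattern is also tested against the
    # basename, so anchor it and escape the dot.
    # <FilesMatch "^node_start\.js$">
    #     Require all denied
    # </FilesMatch>

</Directory>

# Never matches: a basename cannot contain "/", so these sections
# from the question are parsed without error but apply to nothing.
# <Files /var/www/server/node_start.js> ... </Files>
# <FilesMatch /server/node_start.js> ... </FilesMatch>
```

After `apachectl configtest` and a reload, a request for the file should return 403 while the other files in the directory stay reachable.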

Source: https://habr.com/ru/post/974932/

