Configure protected directories Apache

Hello @Inderpreet/Team,

I did everything asked in the question but still this task failed (htpasswd authentication is not setup correctly on App Server 3), and before submitting I checked it from the jumphost; the output is attached in the screenshot below.

I was able to see the index.html content after passing the username and password, and just curl http://172.16.238.12:8080 got unauthorized access. I did this on stapp03 as asked in the question. Can you please check this and let me know what went wrong?

Thanks,
Mohamed

Hello @Inderpreet,

Can you please check this and update me.

Thanks,
Mohamed Sheeraz

  1. create directory
  2. Adding user:
    htpasswd -c /etc/httpd/.htpasswd
  3. Create basic .htaccess file
    cat /var/www/html/itadmin/.htaccess <----------- itadmin is the new directory created
    AuthType Basic
    AuthName "Restricted Content"
    AuthUserFile /etc/httpd/.htpasswd
    Require valid-user
  4. Update the httpd configuration file with this entry
    cat /etc/httpd/conf/httpd.conf
    <Directory "/var/www/html/itadmin"> <--------- itadmin is the new directory name
    AllowOverride AuthConfig
    </Directory>
  5. Scp /tmp/index.html file from jumpbox to app server (/var/www/html/itadmin/index.html).
  6. Restart httpd service
  7. Test connectivity
    curl -u yousuf:GyQkFRVNr3 http://stapp01:8080/itadmin/

What steps did you do?
@mohamedsheeraz1

1 Like
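
One way to lint the `.htaccess` and `<Directory>` block from steps 3 and 4 before restarting httpd (an added example, not part of the original post). It flags typographic quotes, which httpd does not parse as quote characters, and a missing `AllowOverride AuthConfig` or unclosed block; the function names `check_htaccess` and `check_override` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint the two files from the steps above before restarting httpd.

# check_htaccess FILE -> 0 if the Basic-auth .htaccess looks sane, 1 otherwise.
check_htaccess() {
    f=$1; rc=0
    [ -r "$f" ] || { echo "unreadable: $f"; return 1; }
    # Typographic quotes pasted from a web page are not quote characters to httpd.
    if grep -Fq -e '“' -e '”' -e '‘' -e '’' "$f"; then
        echo "typographic quotes in $f"; rc=1
    fi
    for d in AuthType AuthName AuthUserFile Require; do
        grep -Eiq "^[[:space:]]*$d[[:space:]]" "$f" || { echo "missing $d"; rc=1; }
    done
    # AuthUserFile must name an existing, non-empty password file.
    pw=$(awk 'tolower($1) == "authuserfile" { gsub(/"/, "", $2); print $2; exit }' "$f")
    if [ -n "$pw" ] && [ ! -s "$pw" ]; then
        echo "password file missing or empty: $pw"; rc=1
    fi
    return "$rc"
}

# check_override CONF DIR -> 0 if CONF has a closed <Directory DIR> block whose
# AllowOverride includes AuthConfig (or All), so .htaccess auth directives apply.
check_override() {
    awk -v dir="$2" '
        /^[ \t]*<Directory[ \t]/ {
            p = $2; gsub(/[">]/, "", p); inblk = (p == dir) }
        inblk && tolower($1) == "allowoverride" {
            for (i = 2; i <= NF; i++) if (tolower($i) ~ /^(authconfig|all)$/) ok = 1 }
        inblk && /^[ \t]*<\/Directory>/ { closed = 1; inblk = 0 }
        END { exit !(ok && closed) }' "$1"
}

# Constructed sample input (not taken from a real server).
demo=$(mktemp -d)
echo 'mark:constructed-hash' > "$demo/.htpasswd"
printf 'AuthType Basic\nAuthName “Restricted Content”\nAuthUserFile %s\nRequire valid-user\n' \
    "$demo/.htpasswd" > "$demo/.htaccess"
printf '<Directory "/var/www/html/itadmin">\nAllowOverride AuthConfig\n</Directory>\n' \
    > "$demo/httpd.conf"
check_htaccess "$demo/.htaccess" || echo "fix .htaccess before restarting httpd"
check_override "$demo/httpd.conf" /var/www/html/itadmin && echo "AllowOverride OK"
```

A syntax error in `.htaccess` is returned to the client as a 500 response, so running a lint like this first separates configuration mistakes from authentication failures.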

Please check my entire commands for the task below. Please tell me where I am going wrong.

Then it is asking for a password. Does copy and paste work here, or do I need to manually type the password?

ssh banner@stapp03
The authenticity of host 'stapp03 (172.16.238.12)' can't be established.
ECDSA key fingerprint is SHA256:SySamszyWhhLGFiybhGBqfrr8g55wS/3e37ZpBOvICs.
ECDSA key fingerprint is MD5:6d:31:18:2a:f9:07:f3:29:dd:0a:d3:1f:6e:04:0a:db.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'stapp03,172.16.238.12' (ECDSA) to the list of known hosts.
banner@stapp03's password:
[banner@stapp03 ~]$ sudo su

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

[sudo] password for banner:
Sorry, try again.
[sudo] password for banner:
[root@stapp03 banner]# yum install httpd -y
Loaded plugins: fastestmirror, ovl
Determining fastest mirrors
epel/x86_64/metalink | 31 kB 00:00:00

 * base: linux.darkpenguin.net
 * epel: mirrors.n-ix.net
 * extras: mirror.alpix.eu
 * remi-php72: mirror.23media.com
 * remi-safe: mirror.23media.com
 * updates: linux.darkpenguin.net
base | 3.6 kB 00:00:00
epel | 4.7 kB 00:00:00
extras | 2.9 kB 00:00:00
remi-php72 | 3.0 kB 00:00:00
remi-safe | 3.0 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/9): base/7/x86_64/group_gz | 153 kB 00:00:00
(2/9): extras/7/x86_64/primary_db | 205 kB 00:00:00
(3/9): epel/x86_64/group_gz | 95 kB 00:00:00
(4/9): epel/x86_64/updateinfo | 1.0 MB 00:00:00
(5/9): epel/x86_64/primary_db | 6.9 MB 00:00:00
(6/9): updates/7/x86_64/primary_db | 3.7 MB 00:00:00
(7/9): base/7/x86_64/primary_db | 6.1 MB 00:00:00
(8/9): remi-php72/primary_db | 241 kB 00:00:00
(9/9): remi-safe/primary_db | 1.8 MB 00:00:01
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.6-90.el7.centos will be updated
---> Package httpd.x86_64 0:2.4.6-93.el7.centos will be an update
--> Processing Dependency: httpd-tools = 2.4.6-93.el7.centos for package: httpd-2.4.6-93.el7.centos.x86_64
--> Running transaction check
---> Package httpd-tools.x86_64 0:2.4.6-90.el7.centos will be updated
---> Package httpd-tools.x86_64 0:2.4.6-93.el7.centos will be an update
--> Finished Dependency Resolution

Dependencies Resolved

==========================================================================================================================================

Package Arch Version Repository Size

Updating:
httpd x86_64 2.4.6-93.el7.centos base 2.7 M
Updating for dependencies:
httpd-tools x86_64 2.4.6-93.el7.centos base 92 k

Transaction Summary

Upgrade 1 Package (+1 Dependent package)

Total download size: 2.8 M

Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/2): httpd-tools-2.4.6-93.el7.centos.x86_64.rpm | 92 kB 00:00:00
(2/2): httpd-2.4.6-93.el7.centos.x86_64.rpm | 2.7 MB 00:00:00

Total 16 MB/s | 2.8 MB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : httpd-tools-2.4.6-93.el7.centos.x86_64 1/4
Updating : httpd-2.4.6-93.el7.centos.x86_64 2/4
Cleanup : httpd-2.4.6-90.el7.centos.x86_64 3/4
Cleanup : httpd-tools-2.4.6-90.el7.centos.x86_64 4/4
Verifying : httpd-tools-2.4.6-93.el7.centos.x86_64 1/4
Verifying : httpd-2.4.6-93.el7.centos.x86_64 2/4
Verifying : httpd-tools-2.4.6-90.el7.centos.x86_64 3/4
Verifying : httpd-2.4.6-90.el7.centos.x86_64 4/4

Updated:
httpd.x86_64 0:2.4.6-93.el7.centos

Dependency Updated:
httpd-tools.x86_64 0:2.4.6-93.el7.centos

Complete!
[root@stapp03 banner]# ls -al
total 20
drwx------ 2 banner banner 4096 Jan 25 2020 .
drwxr-xr-x 3 root root 4096 Jan 25 2020 ..
-rw-r--r-- 3 banner banner 18 Oct 30 2018 .bash_logout
-rw-r--r-- 3 banner banner 193 Oct 30 2018 .bash_profile
-rw-r--r-- 3 banner banner 231 Oct 30 2018 .bashrc
[root@stapp03 banner]# cd ..
[root@stapp03 home]# ls -al
total 12
drwxr-xr-x 3 root root 4096 Jan 25 2020 .
drwxr-xr-x 1 root root 4096 Aug 5 23:22 ..
drwx------ 2 banner banner 4096 Jan 25 2020 banner
[root@stapp03 home]# ls
banner
[root@stapp03 home]# ls -al
total 12
drwxr-xr-x 3 root root 4096 Jan 25 2020 .
drwxr-xr-x 1 root root 4096 Aug 5 23:22 ..
drwx------ 2 banner banner 4096 Jan 25 2020 banner
[root@stapp03 home]# cd var
bash: cd: var: No such file or directory
[root@stapp03 home]# cd /var
[root@stapp03 var]# cd www
[root@stapp03 www]# cd html
[root@stapp03 html]# pwd
/var/www/html
[root@stapp03 html]# mkdir sysops
[root@stapp03 html]# pwd
/var/www/html
[root@stapp03 html]# htpasswd -c /etc/httpd/.htpasswd mark
New password:
Re-type new password:
Adding password for user mark
[root@stapp03 html]# cd /var/www/html/sysops
[root@stapp03 sysops]# vi .htaccess
[root@stapp03 sysops]# vi /etc/httpd/conf/httpd.conf
[root@stapp03 sysops]# exit
exit
[banner@stapp03 ~]$ exit
logout
Connection to stapp03 closed.
thor@jump_host /$ sudo scp -r /tmp/index.html steve@172.16.238.11:/tmp

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

[sudo] password for thor:
The authenticity of host '172.16.238.11 (172.16.238.11)' can't be established.
ECDSA key fingerprint is SHA256:SySamszyWhhLGFiybhGBqfrr8g55wS/3e37ZpBOvICs.
ECDSA key fingerprint is MD5:6d:31:18:2a:f9:07:f3:29:dd:0a:d3:1f:6e:04:0a:db.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.238.11' (ECDSA) to the list of known hosts.
steve@172.16.238.11's password:
Permission denied, please try again.
steve@172.16.238.11's password:
Permission denied, please try again.
steve@172.16.238.11's password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
lost connection
thor@jump_host /$ sudo scp -r /tmp/index.html banner@172.16.238.12:/tmp
The authenticity of host '172.16.238.12 (172.16.238.12)' can't be established.
ECDSA key fingerprint is SHA256:SySamszyWhhLGFiybhGBqfrr8g55wS/3e37ZpBOvICs.
ECDSA key fingerprint is MD5:6d:31:18:2a:f9:07:f3:29:dd:0a:d3:1f:6e:04:0a:db.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.238.12' (ECDSA) to the list of known hosts.
banner@172.16.238.12's password:
index.html 100% 51 56.1KB/s 00:00
thor@jump_host /$ ssh banner@stapp03
banner@stapp03's password:
Last login: Wed Aug 5 23:25:45 2020 from jump_host.linuxprotecteddirhttpd_app_net
[banner@stapp03 ~]$ sudo mv /temp/index.html /var/www/html/itadmin/index.html
[sudo] password for banner:
mv: cannot stat ‘/temp/index.html’: No such file or directory
[banner@stapp03 ~]$ sudo mv /tmp/index.html /var/www/html/itadmin/index.html
mv: cannot move ‘/tmp/index.html’ to ‘/var/www/html/itadmin/index.html’: No such file or directory
[banner@stapp03 ~]$ sudo mv /tmp/index.html /var/www/html/sysops
[banner@stapp03 ~]$ ls -al
total 24
drwx------ 1 banner banner 4096 Aug 5 23:40 .
drwxr-xr-x 1 root root 4096 Jan 25 2020 ..
-rw------- 1 banner banner 14 Aug 5 23:40 .bash_history
-rw-r--r-- 3 banner banner 18 Oct 30 2018 .bash_logout
-rw-r--r-- 3 banner banner 193 Oct 30 2018 .bash_profile
-rw-r--r-- 3 banner banner 231 Oct 30 2018 .bashrc
[banner@stapp03 ~]$ cd ..
[banner@stapp03 home]$ ls -al
total 12
drwxr-xr-x 1 root root 4096 Jan 25 2020 .
drwxr-xr-x 1 root root 4096 Aug 5 23:22 ..
drwx------ 1 banner banner 4096 Aug 5 23:40 banner
[banner@stapp03 home]$ cd ..
[banner@stapp03 /]$ cd ..
[banner@stapp03 /]$ cd /var
[banner@stapp03 var]$ cd www
[banner@stapp03 www]$ cd html
[banner@stapp03 html]$ ls -al
total 12
drwxr-xr-x 3 root root 4096 Aug 5 23:29 .
drwxr-xr-x 1 root root 4096 Apr 2 13:14 ..
drwxr-xr-x 2 root root 4096 Aug 5 23:44 sysops
[banner@stapp03 html]$ cd sysops
[banner@stapp03 sysops]$ ls -al
total 16
drwxr-xr-x 2 root root 4096 Aug 5 23:44 .
drwxr-xr-x 3 root root 4096 Aug 5 23:29 ..
-rw-r--r-- 1 root root 102 Aug 5 23:35 .htaccess
-rw-r--r-- 1 banner banner 51 Aug 5 23:42 index.html
[banner@stapp03 sysops]$ cat /var/www/html/sysops/index.html
This is xFusionCorp Industries Protected Directory![banner@stapp03 sysops]$ systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:httpd(8)
man:apachectl(8)
[banner@stapp03 sysops]$ systemctl enable httpd
Failed to execute operation: The name org.freedesktop.PolicyKit1 was not provided by any .service files
[banner@stapp03 sysops]$ systemctl restart httpd
Failed to restart httpd.service: The name org.freedesktop.PolicyKit1 was not provided by any .service files
See system logs and 'systemctl status httpd.service' for details.
[banner@stapp03 sysops]$ systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:httpd(8)
man:apachectl(8)
[banner@stapp03 sysops]$ sudo systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[banner@stapp03 sysops]$ sudo systemctl restart httpd
[banner@stapp03 sysops]$ sudo systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2020-08-05 23:48:58 UTC; 11s ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID: 566 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
CGroup: /docker/7980af042423d43c66c6e4c8c8dc5c48b0f0b624299d4c92beba5106bc2125d4/system.slice/httpd.service
├─566 /usr/sbin/httpd -DFOREGROUND
├─567 /usr/sbin/httpd -DFOREGROUND
├─568 /usr/sbin/httpd -DFOREGROUND
├─569 /usr/sbin/httpd -DFOREGROUND
├─570 /usr/sbin/httpd -DFOREGROUND
└─571 /usr/sbin/httpd -DFOREGROUND

Aug 05 23:48:58 stapp03 systemd[1]: Starting The Apache HTTP Server...
Aug 05 23:48:58 stapp03 httpd[566]: AH00558: httpd: Could not reliably determine the server's fully qualified domain name, usin... message
Aug 05 23:48:58 stapp03 systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.
[banner@stapp03 sysops]$ curl -u mark:8FmzjvFU6S http://stapp03:8080/sysops

500 Internal Server Error

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at root@localhost to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.

[banner@stapp03 sysops]$ curl -u mark:8FmzjvFU6S http://stapp03:8080/sysops