Category Archives: acl

Allow/Deny Access by IP to a Virtual/PHP Generated URL in .htaccess Without Apache Config Access

I've been trawling around, and there are many similar questions/answers, but none that fit, or I'm searching for the wrong things.

I'm using a PHP CMS that routes the URLs /admin/some-module

The /admin folder doesn't actually exist, as everything routes through an index.php bootloader.

I'm trying to effectively achieve

<Directory /admin>
    Order Deny,Allow
    Deny from all
    Allow from <some ip>
</Directory>

However, it is on shared hosting, where we cannot change the Apache config to allow this.

How can you protect a URL by IP from the root /public_html/.htaccess with the above setup?

Cakephp ACL plus entire site password

I am using CakePHP 2.6 with the Access Control List up and running. Hence, I have the ability to assign users to groups and grant or deny access to specific actions/controllers.

Now I would like to protect the entire site with a fixed password. The reason is that there is a staging environment where new features are showcased and previewed for partners, stakeholders etc. If someone owns the password s/he can access the site based on the given ACL rights (e.g. sign up as a new user and then use this regular user's account).

Normally this sounds like a job for .htaccess configuration. However, I realized that I cannot set .htaccess in parallel to CakePHP's Authorization component.

What is more: ideally this password is only asked for in the staging environment. This is the reason why I do not want to use ACL for this and restrict all areas of the website: I would need to change the restricted sites such as landing page and registration and make them available for "GUESTS" again, whenever I want to upload the code to the production environment.

HDFS Plugin for Apache Ranger

I am planning to use Apache Ranger for authorization of my HDFS file system. I have a question on the capability of the Apache Ranger plugin. Does the HDFS plugin for Apache Ranger offer more security features than just managing HDFS ACLs? From the limited understanding that I gathered by looking into the presentations/blogs, I am unable to comprehend the functions of the HDFS plugin for Apache Ranger.

CakePHP 2.4 [app/tmp not writeable]: Deployment in an ACL-controlled Redhat-Linux environment running Apache 2.0

The Problem

Developer here with next-to-zero netsys savvy. I've built a really large CakePHP project for a psychology department of a local college and am having a hard time getting the thing deployed. I know you're going to be tempted to tell me to contact netsys. I have; a response could take a week, whereas the client cannot. So stackoverflow, lend me your strength:

Specifically I get this familiar suite of errors:

Warning: _cake_core_ cache was unable to write 'cake_dev_en-us' to File cache in /home/psyo1031/public_www/olt/lib/Cake/Cache/Cache.php on line 325

Warning: /home/psyo1031/public_www/olt/app/tmp/cache/persistent/ is not writable in /home/psyo1031/public_www/olt/lib/Cake/Cache/Engine/FileEngine.php on line 384

Fatal error: Uncaught exception 'CacheException' with message 'Cache engine _cake_core_ is not properly configured.' in /home/psyo1031/public_www/olt/lib/Cake/Cache/Cache.php:181

Stack trace:

#0 /home/psyo1031/public_www/olt/lib/Cake/Cache/Cache.php(151): Cache::_buildEngine('_cake_core_')

#1 /home/psyo1031/public_www/olt/app/Config/core.php(373): Cache::config('_cake_core_', Array)

#2 /home/psyo1031/public_www/olt/lib/Cake/Core/Configure.php(72): include('/home/psyo1031/...')

#3 /home/psyo1031/public_www/olt/lib/Cake/bootstrap.php(175): Configure::bootstrap(true)

#4 /home/psyo1031/public_www/olt/app/webroot/index.php(99): include('/home/psyo1031/...')

#5 {main} thrown in /home/psyo1031/public_www/olt/lib/Cake/Cache/Cache.php on line 181

The server is ACL controlled—I do not have sudo. Apache is running as www1. The following is all the information I could think to include:

Wrangling the ACL

Again, let me emphasize: I have only the most basic grasp of what I'm doing. The root directory is 'olt' (just an acronym for project-specific jargon). So I went:

setfacl -R -d -m u:www1:rwx olt 
setfacl -R -m u:www1:rwx olt
setfacl -R -d -m g:www1:rwx olt
setfacl -R -m g:www1:rwx olt

and got:

[[email protected] public_www]$ getfacl olt
# file: olt
# owner: psyo1031
# group: a6
user::rwx
user:www1:rwx
group::rwx
group:www1:rwx
mask::rwx
other::rwx
default:user::rwx
default:user:www1:rwx
default:group::rwx
default:group:www1:rwx
default:mask::rwx
default:other::rwx

Selections from phpinfo()

Configure Command

'./configure' '--build=i686-redhat-linux-gnu' '--host=i686-redhat-linux-gnu' '--target=i686-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--cache-file=../config.cache' '--with-libdir=lib' '--with-config-file-path=/etc' '--with-config-file-scan-dir=/etc/php.d' '--disable-debug' '--with-pic' '--disable-rpath' '--without-pear' '--with-bz2' '--with-exec-dir=/usr/bin' '--with-freetype-dir=/usr' '--with-png-dir=/usr' '--with-xpm-dir=/usr' '--enable-gd-native-ttf' '--without-gdbm' '--with-gettext' '--with-gmp' '--with-iconv' '--with-jpeg-dir=/usr' '--with-openssl' '--with-pcre-regex=/usr' '--with-zlib' '--with-layout=GNU' '--enable-exif' '--enable-ftp' '--enable-magic-quotes' '--enable-sockets' '--enable-sysvsem' '--enable-sysvshm' '--enable-sysvmsg' '--with-kerberos' '--enable-ucd-snmp-hack' '--enable-shmop' '--enable-calendar' '--without-sqlite' '--with-libxml-dir=/usr' '--enable-xml' '--with-system-tzdata' '--with-apxs2=/usr/sbin/apxs' '--without-mysql' '--without-gd' '--disable-dom' '--disable-dba' '--without-unixODBC' '--disable-pdo' '--disable-xmlreader' '--disable-xmlwriter' '--without-sqlite3' '--disable-phar' '--disable-fileinfo' '--disable-json' '--without-pspell' '--disable-wddx' '--without-curl' '--disable-posix' '--disable-sysvmsg' '--disable-sysvshm' '--disable-sysvsem'

Loaded Modules

core prefork http_core mod_so mod_auth_basic mod_auth_digest mod_authn_file mod_authn_alias mod_authn_anon mod_authn_dbm mod_authn_default mod_authz_host mod_authz_user mod_authz_owner mod_authz_groupfile mod_authz_dbm mod_authz_default util_ldap mod_authnz_ldap mod_include mod_log_config mod_logio mod_env mod_ext_filter mod_mime_magic mod_expires mod_deflate mod_headers mod_usertrack mod_setenvif mod_mime mod_dav mod_status mod_autoindex mod_info mod_dav_fs mod_vhost_alias mod_negotiation mod_dir mod_actions mod_speling mod_userdir mod_alias mod_substitute mod_rewrite mod_proxy mod_proxy_balancer mod_proxy_ftp mod_proxy_http mod_proxy_ajp mod_proxy_connect mod_cache mod_suexec mod_disk_cache mod_cgi mod_version mod_authz_ldap mod_ssl mod_perl mod_php5 mod_wsgi