3

What I want to achieve
I have public and private sites on my webserver, and I would like to somehow separate them, but I want this separation to be invisible.
So for example DocumentRoot is /var/www public projects are under /var/www/public, private projects are under /var/www/private.
If domain is www.example.com and I want to reach public/publicproj1 the URL would be www.example.com/publicproj1. Also if I want private/privateproj1 the URL would be www.example.com/privateproj1.
I want to restrict /var/www/private only to local network, but public should be accessible from anywhere.

Ther are a ton of projects under private, I don't want to make new settings in apache.conf every time I put something there.

Also I want /var/www/public/startingpage to be served if nothing else is requested, so www.example.com would show this page.


What I tried so far:
1.) made DocumentRoot to /var/www put public projects under it and a Rewrite Rule to the private folder like this:

RewriteEngine On
RewriteBase /

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule ^(.*)$ private/$1 [QSA]

This doesn't work, because there are more .htaccess files on the folders under private folder. (for example applications with front controller, forums, etc. which need their own .htaccess)

2.) made DocumentRoot to /var/www/private, but then public projects doesn't get served. (Can I make two Document roots with different Access options ?) I made entries like Alias /publicproj1 /var/www/publicproj1 but I have Redmine installed with this settings:

RewriteEngine On
RewriteRule   ^/$  /redmine  [R]

<Directory /home/www/redmine>
        RailsBaseURI /redmine
        PassengerResolveSymlinksInDocumentRoot on
</Directory>

which I can't replace with a simple Alias entry (or can I ?)

My questions
What folder structure should I create ? What redirect rules should I make ? How can I set /var/www/startingpage to show up when nothing else is requested ?

kissgyorgy
  • 285
  • 1
  • 5
  • 16

2 Answers2

3

OK, so you want to restrict access to private projects by IP address, and you have the following directory structure:

  • DocumentRoot is /var/www
    • public projects are under /var/www/public
    • private projects are under /var/www/private

So, in your Apache configuration file (httpd.conf) add a <Directory> directive like:

<Directory /var/www/private>
   Order deny,allow
   Deny from all
   Allow from 10.0.0.0/24
</Directory>

and everything under that directory will only be accessible if you're coming from the allowed network(s). (There are other ways to specify the Allowed hosts too).

My domain is www.example.com.
I want to reach /var/www/html/public/publicproj1 as www.example.com/publicproj1 and /var/www/html/private/privateproj1 as www.example.com/privateproj1

This is a bit harder. You're going to need rewrite rules or an Alias directive for each project. As you noted that's not an ideal situation, so let's look at some other options.

Configured as I described above with the directory structure you have you'll be able to access the directories as www.example.com/public/proj1 and www.example.com/private/proj1 out of the box.
If that works for you you're done.

If that's not a good enough solution, consider moving your public projects so they're directly under /var/www/html -- your public projects would then be accessible as www.example.com/publicproj1, and your private projects would be accessible with the /private/ bit added in. (Presumably you don't care so much about a little ugly in the URL of a "private" project, and this avoids the need to do any Aliasing for your public stuff).

Regarding the starting page, you can show content of startingpage folder if www.example.com is requested with the following rules:

RewriteEngine On

# Don't apply to URLs that go to existing files or folders.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

# Only apply to URLs that aren't already under folder.
RewriteCond %{REQUEST_URI} !^/startingpage/

RewriteRule ^(.*)$  /startingpage/$1
kissgyorgy
  • 285
  • 1
  • 5
  • 16
voretaq7
  • 79,345
  • 17
  • 128
  • 213
  • good answer, but I did this too and I don't want to have `/private/` in the URL.Could you tell me what rewrite rules should I use to redirect everything what is in private but not in root ? – kissgyorgy Aug 10 '12 at 23:46
  • 1
    @Walkman not specifically, because the rewrite rule would be particular to your environment. However you may find [Everything you ever wanted to know about mod_rewrite rules but were afraid to ask](http://serverfault.com/questions/214512/everything-you-ever-wanted-to-know-about-mod-rewrite-rules-but-were-afraid-to-as) helpful... – voretaq7 Aug 11 '12 at 00:54
-1

Why can't you restrict those folders using .htaccess password protecting method?

http://viralpatel.net/blogs/password-protect-your-webpages-using-htaccess/

John Gardeniers
  • 27,262
  • 12
  • 53
  • 108
galtech
  • 9
  • 1