WampServer
Apache, PHP, MySQL
on Windows
Denying Access to DocumentRoot Content
Posted by:
Claudius
(---.bardstown.com)
Date: February 22, 2022 11:21PM
Hello...
I have finally, finally managed to put WAMP Server 3.2.6 64 bit on line and I can access the website that I'm hosting via https over the public internet. I have current security certificates from Let's Encrypt via certbot and to tell you the honest truth, I'm feeling pretty good about myself.
I was doing some superficial security checking and I discovered that I could access two files through the Microsoft Edge web browser, Composer.json and composer.lock and that I could manipulate the contents of these two files and that's no good. What I did was to edit the properties of these two files by way of the file's properties. By denying all access to Users and Authenticated Users I was able to deny access to the composer.json file but not the composer.lock file.
My question is how do I deny access to the composer.lock file.
Later I'll be attempting to attack the website using more sophisticated penetration tools that are native to the Kali Linux OS. Oh, the places you'll go and the things that you'll see and do! But I thought that it would be good to secure the website from elementary attacks. If you have any insight concerning this issue I would appreciate hearing what you have to say.
Thank you in advance for your kind attention in this matter and the very best regards...
I have finally, finally managed to put WAMP Server 3.2.6 64 bit on line and I can access the website that I'm hosting via https over the public internet. I have current security certificates from Let's Encrypt via certbot and to tell you the honest truth, I'm feeling pretty good about myself.
I was doing some superficial security checking and I discovered that I could access two files through the Microsoft Edge web browser, Composer.json and composer.lock and that I could manipulate the contents of these two files and that's no good. What I did was to edit the properties of these two files by way of the file's properties. By denying all access to Users and Authenticated Users I was able to deny access to the composer.json file but not the composer.lock file.
My question is how do I deny access to the composer.lock file.
Later I'll be attempting to attack the website using more sophisticated penetration tools that are native to the Kali Linux OS. Oh, the places you'll go and the things that you'll see and do! But I thought that it would be good to secure the website from elementary attacks. If you have any insight concerning this issue I would appreciate hearing what you have to say.
Thank you in advance for your kind attention in this matter and the very best regards...
Re: Denying Access to DocumentRoot Content
Posted by:
Otomatic
(Moderator)
Date: February 23, 2022 11:34AM
Hi,
In the VirtualHost context insert:
It is also possible to do:
Be sure to read the document link to know where to put this directive in relation to other directives like <Directory
---------------------------------------------------------------
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons
Edited 1 time(s). Last edit at 02/23/2022 11:39AM by Otomatic.
In the VirtualHost context insert:
<Files *.lock> Require all denied </Files>See files
It is also possible to do:
<Files composer.*> Require all denied> </Files>
Be sure to read the document link to know where to put this directive in relation to other directives like <Directory
---------------------------------------------------------------
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons
Edited 1 time(s). Last edit at 02/23/2022 11:39AM by Otomatic.
Re: Denying Access to DocumentRoot Content
Posted by:
Claudius
(---.bardstown.com)
Date: February 23, 2022 02:45PM
Thank You! I appreciate your attention!
Re: Denying Access to DocumentRoot Content
Posted by:
Claudius
(---.bardstown.com)
Date: February 23, 2022 10:50PM
I give up, where dies this directive go?
Re: Denying Access to DocumentRoot Content
Posted by:
Otomatic
(Moderator)
Date: February 24, 2022 09:15AM
Hi,
See files <- link to documentation
---------------------------------------------------------------
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons
See files <- link to documentation
---------------------------------------------------------------
Documentation Apache - Documentation PHP - Documentation MySQL - Wampserver install files & addons
Sorry, only registered users may post in this forum.
