Find my iPhone notification with apache

[Mazzokun]

Hi, I used find my iPhone utility with apache 2 since yesterday and it worked like a charm but today I had to reinstall and I can't use it anymore. viewtopic.php?t=6358.
I can't secure my secure folder ( I can still see the content if I browse with a pc ) and the scripts doesn't work...
Any idea? A step by step guide for noobs should be great!
Thank you

[Egregius]

What do you mean by 'content'? Directory listing? Put a empty index.html in.
More secure is a .htaccess file or thru the Apache virtual host file.

What does the script display?
Do you have error reporting enabled?
Is there something in the error log?

[Mazzokun]

What do you mean by 'content'? Directory listing? Put a empty index.html in.
More secure is a .htaccess file or thru the Apache virtual host file.

ok something is progressing;
I created a folder called "secure" in var/www/html and I placed here my php files.
So my directory is var/www/html/secure. This is a portion of /etc/apache2/apache2.conf file that I edited to secure the folder from the outside word. Is it secure? I don't know how to create a .htaccess file and I don't know where to put it

Code: Select all

# Sets the default security model of the Apache2 HTTPD server. It does
# not allow access to the root filesystem outside of /usr/share and /var/www.
# The former is used by web applications packaged in Debian,
# the latter may be used for local directories served by the web server. If
# your system is serving content from a sub-directory in /srv you must allow
# access here, or in any related virtual host.
<Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
</Directory>

<Directory /usr/share>
        AllowOverride None
        Require all granted
</Directory>

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>

<Directory /var/www/secure>
   order deny,allow
   Deny from All
   allow from 127.0.0.1
</Directory>

#<Directory /srv/>
#       Options Indexes FollowSymLinks
#       AllowOverride None
#       Require all granted
#</Directory>




# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives.  See also the AllowOverride
# directive.
#
AccessFileName .htaccess

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.ht">
        Require all denied
</FilesMatch>
 

If i type into terminal through ssh connection "php -f turnoniphone.php " then my iPhone sound, but if into GUI I execute it from the folder the iPhone doesn't sound. Same in domotic: I created a virtual switch called iPhone and into on action I wrote: http://127.0.0.1/secure/turnoniphone.php but nothing happens..
Before the great ko and reinstall anything worked ok.
Permission of files in secure folder are Read only owner; modify only owner;Execute ANYONE. and the owner is pi.
Where is the mistake?

[Egregius]

Is it secure?

Yes, by this part of your virtualhosts:

Code: Select all

<Directory /var/www/secure>
   order deny,allow
   Deny from All
   allow from 127.0.0.1
</Directory>

If you do it in virtualhost config file you don't need to do it again in a .htaccess. But don't know how? Ever tried google?

Permission of files in secure folder are Read only owner; modify only owner;Execute ANYONE. and the owner is pi.

So the permissions are 601?
like this?
8.0K -rw------x 1 http http 86 Oct 16 09:40 test.php

How can it be executed if the user doesn't has read rights?
Change the permissions to 777 for testing, it shouldn't even be a problem leaving it that way because the files are secured by the virtualhosts file.

[Mazzokun]

Changed permission to 777

Code: Select all

sudo chmod 777 /var/www/secure/turnoniphone.php

but nothing changed.. It doesn't workin GUI or Domoticz. It works only if I type in terminal

Code: Select all

php turnoniphone.php

..
I'm a bit

[Egregius]

What is the output? What's in the logfiles?
Don't expect help with just 'doesn't work'.

[Mazzokun]

ok i changed folder "secure" permission to view "only owner and group", change content to "only owner and group" , access content anyone and now it work.. but.. Is it safe?
Thank you very much for support and excuse me