# editing httpd.conf??



## Hype.it (Jun 22, 2004)

Help.. does anyone know how i edit this file? What command i use in terminal and erm... how i get above root (as in webserver) access?


----------



## btoth (Jun 22, 2004)

Hype.it said:
			
		

> Help.. does anyone know how i edit this file? What command i use in terminal and erm... how i get above root (as in webserver) access?




At the terminal:

$ cd /etc/httpd
$ sudo <name of program/command> httpd.conf

sudo will ask you for your admin password and will allow you to save changes to the file.  If you use BBEdit, you don't need to do that step, but if you wanted to edit it with pico for example you would type:

$ sudo pico httpd.conf

Or try 

$ sudo open httpd.conf to have the Finder open it in the default App.


----------



## Hype.it (Jul 20, 2004)

thanks... btoth. 

But now i like to setup some sub-domains and have above root (or document in webserver, not user) access in my webserver for the storage of config files. Anyone know how i do this?


----------



## michaelsanford (Jul 20, 2004)

Do you mean you want to set up things like *subdomain*.hype.it ?

That will be in a VirtualHost (Section 3) directive near line 1029, just set the DocumentRoot directive to whatever folder you want.


----------



## Hype.it (Jul 20, 2004)

michaelsanford said:
			
		

> Do you mean you want to set up things like *subdomain*.hype.it ?
> 
> That will be in a VirtualHost (Section 3) directive near line 1029, just set the DocumentRoot directive to whatever folder you want.



Thanks you, that's one thing, then there is the other...

Currently as it stand it's appears to be like this (which is the default)

_URL "http://127.0.0.1/"

Path: "/Library/WebServer/Documents/"
Path: "/Library/WebServer/CGI-Executables/"_

And any config files would be contained within _Documents_ or maybe in _CGI-Bin_. Either way, they are accessible to users. What i'd like to know, is there a way to place them 'out of documents or www' into another folder that's considered above or out of web access. Which only the server can see, such as:

_Path: "/Library/WebServer/*ConFigs*"_

Thanks in advance.


----------



## michaelsanford (Jul 20, 2004)

What config files do you mean ? Do you mean like PHP/CGI script files or server configuration files of some kind ?


----------



## Hype.it (Jul 21, 2004)

Server configuration files and various things that need to be hidden from user access, only need server read and possibly execute rights. 

_configs.php
includes
global includes

eCommerce dbconfigs.php_

I could do it on my former host with the help of the hostmaster doing something but now I've chosen to build a dedicated server and co-locate later. Anyway, this is for a *off-line testing server*

Please help.


----------



## michaelsanford (Jul 28, 2004)

For some reason I've noticed that my last reply was never submitted!

Basically if it's a conifg file that sets PHP variables you don't need to protect it, really, since simply hitting the config script in a browser won't print out all the configuration variables.

Most of the sites I've written are based on this principle, and big popular apps like phpMyAdmin are also.


----------



## Hype.it (Aug 10, 2004)

ah... then to protect one's own applications or projects what lines do i need to invoke to activate this feature?


----------



## michaelsanford (Aug 10, 2004)

It's not a feature, per se, it's just the way PHP works.

Here's a short example I wipped up for you:
http://trogdor.myvnc.com:81/~amras/config_example/

Let's say you have a file called config.php containing something like:

```
<?php

// This is an example configuration file in PHP
// by Michael Sanford for www.macosx.com

	$config['username'] = 'michael';
	$config['password'] = 'michael1';
	$config['host'] = 'michaelsanford.com';

?>
```

And you called that configuration file with:

```
<?php

// This is an example configuration file in PHP
// by Michael Sanford for www.macosx.com

// call the configuration script
include("./config_example.php");

	echo "Username: " . $config['username'] . "<br />";
	echo "Password: " . $config['password'] . "<br />";
	echo "Host: " . $config['host'] . "<br />";

?>
```

Hit config_example_local.php and see what happens. You get the output. Now hit config_example.php, you get a blank page.

Now that you even know the URL of my configuration script ( http://trogdor.myvnc.com:81/~amras/config_example/config_example.php ) try and hack it so you can print the $config variable elements...you'll have a pretty hard time doing it.

*PS* The thing to keep in mind here is that PHP means Hypertext PRE PROCESSOR, which means the code is executed before it's sent to the client. So even if you knew the URL of your configuration file and tried to curl it in the terminal, the server would just process the file, find there's no HTML output and download an empty file.


----------



## TommyWillB (Aug 10, 2004)

Everthing you ever wanted to know about Apache can be found at Apache.org... Look in the HTTP 1.3 section.

 Also, I've found it easier to change the ownership/permissions of the httpd.conf file so that I can edit is as my non-root administrator password... So I don't need to mess with any command line suff... I just use BBedit.


 ...Oh... and everything you want to know about PHP is at php.net.


----------

