I would like to restrict access to files accessed via http. I am using DOT 7.2. First I configured standard http services - everything is running smoothly. My settings:
httpd.access legacy
httpd.admin.access legacy
httpd.admin.enable off
httpd.admin.hostsequiv.enable off
httpd.admin.max_connections 1023
httpd.admin.ssl.enable on
httpd.autoindex.enable off
httpd.enable on
httpd.log.format common
httpd.method.trace.enable off
httpd.rootdir /vol/docs
httpd.timeout 300
httpd.timewait.enable off
/vol/docs is dedicated for http access FlexVol with ntfs access rights (filer is configured also for CIFS in workgroup mode). Now I try to limit access to the services - one dedicated user and standard authentication is enough. In accordance with documentation I have prepared the following files:
/etc/httpd.passwd
psuser:_J9..PYJ.MWfkaOhMiFc
/etc/httpd.group
psgroup:psuser
/etc/httpd.access
<Directory /vol/docs/>
AuthName Dokumentacja PS
<Limit GET>
require user psuser
</Limit>
</Directory>
<Directory /vol/docs/telco>
AuthName Dokumentacja PS
<Limit GET>
require user psuser
</Limit>
</Directory>
But it does not work: anyone can access the files without any authentication. What am I missing? How can I troubleshoot http access? (httpd.log file does not contain anything helpful).
Best regards,
Jacek
--- avast! Antivirus: Outbound message clean. Virus Database (VPS): 0638-0, 2006-09-19 Tested on: 2006-09-19 23:18:41 avast! - copyright (c) 1988-2006 ALWIL Software. http://www.avast.com
Well, I tested and (under 7.2) it seems to work for me.
fas270> options httpd.
httpd.access legacy
httpd.admin.access legacy
httpd.admin.enable on
httpd.admin.hostsequiv.enable off
httpd.admin.max_connections 1023
httpd.admin.ssl.enable off
httpd.autoindex.enable off
httpd.enable on
httpd.log.format common
httpd.method.trace.enable off
httpd.rootdir /vol/http
httpd.timeout 300
httpd.timewait.enable off
pw650s10# cat httpd.access
<Directory /vol/http>
AuthName My private stuff
<Limit GET>
require user dole
</Limit>
</Directory>
pw650s10# cat httpd.passwd
dole:tA2Clw/gBxSog
Example was directly from httpd.access manual page.
Are you sure access is not cached somewhere in between? Also http needs some time to catch up with changes.
Andrey Borzenkov Senior system engineer IT Product Services Fujitsu Siemens Computers Russian Federation
Telephone: +7(495)737-2723 Email: mailto:Andrey.Borzenkov@fujitsu-siemens.com Internet: http://www.fujitsu-siemens.com
-----Original Message-----
From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of JacekN
Sent: Wednesday, September 20, 2006 1:19 AM
To: toasters
Subject: Troubleshooting http access
Borzenkov, Andrey wrote:
> Well, I tested and (under 7.2) it seems to work for me.
> ...
> Example was directly from httpd.access manual page.
Yes, your example worked for me as well. But it is still a mystery why my setup is not working. I believe that it could be caused by file format (my final tests were done using rdfile/wrfile) because the same config file in some trials was OK, in some not...
> Are you sure access is not cached somewhere in between? Also http needs some time to catch up with changes.
Yes, I have tested that it is not a caching issue.
Best regards,
Jacek
Hi All,
The httpd.access file is critical.
The http functionality will only work for one volume as specified by httpd.rootdir
You must have all your qtrees in the above volume in the httpd.access file.
Give it a try.
Thanks Eugene =)
-----Original Message-----
From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of JacekN
Sent: Tuesday, September 26, 2006 16:49
To: toasters
Cc: Borzenkov, Andrey
Subject: Re: Troubleshooting http access
Eugene Lee wrote:
> Hi All,
> The httpd.access file is critical.
> The http functionality will only work for one volume as specified by httpd.rootdir
> You must have all your qtrees in the above volume in the httpd.access file.
No, it is another problem. It is something LIKE:
<Directory /vol/http>
    AuthName My private stuff
    <Limit GET>
        require user dole
    </Limit>
</Directory>
is working but
<Directory /vol/http>
AuthName My private stuff
<Limit GET>
require user dole
</Limit>
</Directory>
is not working (I am not sure if the formatting will be preserved, so a short explanation: the first example contains some indents, in the second each single line starts in the first column).
But as I wrote earlier it is not quite clear to me why sometimes exactly the same syntax is working and sometimes not (I made copies of each config file so no typo was possible). The only difference I could see was the way of creating or modifying the file (I edited the file using CIFS share and TED Notepad that supports Unix style text files; later I just used rdfile/wrfile). Unfortunately I am too busy now to check it precisely but I hope I will return to this topic in a week or so.
Best regards,
Jacek
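The thread ends with two copies of httpd.access that read the same but behave differently depending on how they were written (CIFS editor versus rdfile/wrfile). The following is an added example, not part of the original thread or any NetApp tooling: it compares two saved copies byte by byte for the differences an editor introduces silently. The function names and the sample contents are constructed for illustration, and which of these properties the filer's parser actually cares about is not established on this page.

```python
# Added example: byte-level comparison of two httpd.access copies.
BOM = b"\xef\xbb\xbf"

def fingerprint(data: bytes) -> dict:
    """Summarise properties that editors and file transfers change silently."""
    body = data[len(BOM):] if data.startswith(BOM) else data
    lines = body.split(b"\n")
    if lines and lines[-1] == b"":
        lines.pop()  # empty tail produced by a final newline
    text = [l.rstrip(b"\r") for l in lines]
    return {
        "bom": data.startswith(BOM),
        "crlf_lines": sum(l.endswith(b"\r") for l in lines),
        "final_newline": data.endswith(b"\n"),
        "indented_lines": sum(l[:1] in (b" ", b"\t") for l in text),
        "trailing_ws_lines": sum(l != l.rstrip(b" \t") for l in text),
        # control characters other than TAB/LF/CR, and anything above ASCII
        "odd_bytes": sum(b > 0x7E or (b < 0x20 and b not in (9, 10, 13))
                         for b in body),
        # the directives with all surrounding whitespace removed
        "directives": [l.strip() for l in text if l.strip()],
    }

def compare(a: bytes, b: bytes) -> dict:
    """Return only the properties that differ, as (first, second) pairs."""
    fa, fb = fingerprint(a), fingerprint(b)
    return {k: (fa[k], fb[k]) for k in fa if fa[k] != fb[k]}

# Constructed samples modelled on the example quoted in the thread:
# one indented with Unix line endings, one flat with DOS line endings
# and no newline after the last directive.
INDENTED_LF = (b"<Directory /vol/http>\n"
               b"    AuthName My private stuff\n"
               b"    <Limit GET>\n"
               b"        require user dole\n"
               b"    </Limit>\n"
               b"</Directory>\n")
FLAT_CRLF = (b"<Directory /vol/http>\r\n"
             b"AuthName My private stuff\r\n"
             b"<Limit GET>\r\n"
             b"require user dole\r\n"
             b"</Limit>\r\n"
             b"</Directory>")

if __name__ == "__main__":
    for key, (x, y) in compare(INDENTED_LF, FLAT_CRLF).items():
        print(f"{key}: {x!r} vs {y!r}")
```

If "directives" is absent from the result, the two copies carry the same directives and differ only in whitespace, line endings or encoding, which narrows the search to how the file was written.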