  • Authentication, Authorization and Access Control - Apache HTTP Server
    path to the file to get it to run With a default installation it s located at usr local apache2 bin htpasswd Next you ll need to configure the server to request a password and tell the server which users are allowed access You can do this either by editing the httpd conf file or using an htaccess file For example if you wish to protect the directory usr local apache htdocs secret you can use the following directives either placed in the file usr local apache htdocs secret htaccess or placed in httpd conf inside a Directory usr local apache apache htdocs secret section AuthType Basic AuthName Restricted Files Following line optional AuthBasicProvider file AuthUserFile usr local apache passwd passwords Require user rbowen Let s examine each of those directives individually The AuthType directive selects that method that is used to authenticate the user The most common method is Basic and this is the method implemented by mod auth basic It is important to be aware however that Basic authentication sends the password from the client to the server unencrypted This method should therefore not be used for highly sensitive data unless accompanied by mod ssl Apache supports one other authentication method AuthType Digest This method is implemented by mod auth digest and is much more secure Most recent browsers support Digest authentication The AuthName directive sets the Realm to be used in the authentication The realm serves two major functions First the client often presents this information to the user as part of the password dialog box Second it is used by the client to determine what password to send for a given authenticated area So for example once a client has authenticated in the Restricted Files area it will automatically retry the same password for any area on the same server that is marked with the Restricted Files Realm Therefore you can prevent a user from being prompted more than once for a password by letting multiple restricted areas share the same 
realm Of course for security reasons the client will always need to ask again for the password whenever the hostname of the server changes The AuthBasicProvider is in this case optional since file is the default value for this directive You ll need to use this directive if you are choosing a different source for authentication such as mod authn dbm or mod authn dbd The AuthUserFile directive sets the path to the password file that we just created with htpasswd If you have a large number of users it can be quite slow to search through a plain text file to authenticate the user on each request Apache also has the ability to store user information in fast database files The mod authn dbm module provides the AuthDBMUserFile directive These files can be created and manipulated with the dbmmanage program Many other types of authentication options are available from third party modules in the Apache Modules Database Finally the Require directive provides the authorization

    Original URL path: http://bc.capitalsafety.com/manual/howto/auth.html (2016-02-16)


  • mod_auth_basic - Apache HTTP Server

    (No additional info available in detailed archive for this subpage)
    Original URL path: /manual/mod/mod_auth_basic.html (2016-02-16)


  • mod_auth_digest - Apache HTTP Server

    (No additional info available in detailed archive for this subpage)
    Original URL path: /manual/mod/mod_auth_digest.html (2016-02-16)


  • mod_authz_user - Apache HTTP Server

    (No additional info available in detailed archive for this subpage)
    Original URL path: /manual/mod/mod_authz_user.html (2016-02-16)


  • Security Tips - Apache HTTP Server
    parsed by Apache whether or not there are any SSI directives included within the files While this load increase is minor in a shared server environment it can become significant SSI files also pose the same risks that are associated with CGI scripts in general Using the exec cmd element SSI enabled files can execute any CGI script or program under the permissions of the user and group Apache runs as as configured in httpd conf There are ways to enhance the security of SSI files while still taking advantage of the benefits they provide To isolate the damage a wayward SSI file can cause a server administrator can enable suexec as described in the CGI in General section Enabling SSI for files with html or htm extensions can be dangerous This is especially true in a shared or high traffic server environment SSI enabled files should have a separate extension such as the conventional shtml This helps keep server load at a minimum and allows for easier management of risk Another solution is to disable the ability to run scripts and programs from SSI pages To do this replace Includes with IncludesNOEXEC in the Options directive Note that users may still use include virtual to execute CGI scripts if these scripts are in directories designated by a ScriptAlias directive CGI in General First of all you always have to remember that you must trust the writers of the CGI scripts programs or your ability to spot potential security holes in CGI whether they were deliberate or accidental CGI scripts can run essentially arbitrary commands on your system with the permissions of the web server user and can therefore be extremely dangerous if they are not carefully checked All the CGI scripts will run as the same user so they have potential to conflict accidentally or deliberately with other scripts e g User A hates User B so he writes a script to trash User B s CGI database One program which can be used to allow scripts to run as different users is suEXEC which is included with 
Apache as of 1 2 and is called from special hooks in the Apache server code Another popular way of doing this is with CGIWrap Non Script Aliased CGI Allowing users to execute CGI scripts in any directory should only be considered if You trust your users not to write scripts which will deliberately or accidentally expose your system to an attack You consider security at your site to be so feeble in other areas as to make one more potential hole irrelevant You have no users and nobody ever visits your server Script Aliased CGI Limiting CGI to special directories gives the admin control over what goes into those directories This is inevitably more secure than non script aliased CGI but only if users with write access to the directories are trusted or the admin is willing to test each new CGI script program for potential security holes Most sites

    Original URL path: http://bc.capitalsafety.com/manual/misc/security_tips.html (2016-02-16)

  • Configuration Sections - Apache HTTP Server
    private html Order allow deny Deny from all Files To address files found in a particular part of the filesystem the Files and Directory sections can be combined For example the following configuration will deny access to var web dir1 private html var web dir1 subdir2 private html var web dir1 subdir3 private html and any other instance of private html found under the var web dir1 directory Directory var web dir1 Files private html Order allow deny Deny from all Files Directory Webspace Containers The Location directive and its regex counterpart on the other hand change the configuration for content in the webspace For example the following configuration prevents access to any URL path that begins in private In particular it will apply to requests for http yoursite example com private http yoursite example com private123 and http yoursite example com private dir file html as well as any other requests starting with the private string Location private Order Allow Deny Deny from all Location The Location directive need not have anything to do with the filesystem For example the following example shows how to map a particular URL to an internal Apache handler provided by mod status No file called server status needs to exist in the filesystem Location server status SetHandler server status Location Wildcards and Regular Expressions The Directory Files and Location directives can each use shell style wildcard characters as in fnmatch from the C standard library The character matches any sequence of characters matches any single character and seq matches any character in seq The character will not be matched by any wildcard it must be specified explicitly If even more flexible matching is required each container has a regular expression regex counterpart DirectoryMatch FilesMatch and LocationMatch that allow perl compatible regular expressions to be used in choosing the matches But see the section below on configuration merging to find out how using regex sections 
will change how directives are applied A non regex wildcard section that changes the configuration of all user directories could look as follows Directory home public html Options Indexes Directory Using regex sections we can deny access to many types of image files at once FilesMatch i gif jpe g png Order allow deny Deny from all FilesMatch What to use When Choosing between filesystem containers and webspace containers is actually quite easy When applying directives to objects that reside in the filesystem always use Directory or Files When applying directives to objects that do not reside in the filesystem such as a webpage generated from a database use Location It is important to never use Location when trying to restrict access to objects in the filesystem This is because many different webspace locations URLs could map to the same filesystem location allowing your restrictions to be circumvented For example consider the following configuration Location dir Order allow deny Deny from all Location This works fine if the request is for http yoursite example com dir But what if

    Original URL path: http://bc.capitalsafety.com/manual/sections.html (2016-02-16)

  • httpd - Apache Hypertext Transfer Protocol Server - Apache HTTP Server
    httpd k install config uninstall n name w Options d serverroot Set the initial value for the ServerRoot directive to serverroot This can be overridden by the ServerRoot directive in the configuration file The default is usr local apache2 f config Uses the directives in the file config on startup If config does not begin with a then it is taken to be a path relative to the ServerRoot The default is conf httpd conf k start restart graceful stop graceful stop Signals httpd to start restart or stop See Stopping Apache for more information C directive Process the configuration directive before reading config files c directive Process the configuration directive after reading config files D parameter Sets a configuration parameter which can be used with IfDefine sections in the configuration files to conditionally skip or process commands at server startup and restart e level Sets the LogLevel to level during server startup This is useful for temporarily increasing the verbosity of the error messages to find problems during startup E file Send error messages during server startup to file R directory When the server is compiled using the SHARED CORE rule this specifies the directory for the shared object files h Output a short summary of available command line options l Output a list of modules compiled into the server This will not list dynamically loaded modules included using the LoadModule directive L Output a list of directives together with expected arguments and places where the directive is valid M Dump a list of loaded Static and Shared Modules S Show the settings as parsed from the config file currently only shows the virtualhost settings t Run syntax tests for configuration files only The program immediately exits after these syntax parsing tests with either a return code of 0

    Original URL path: http://bc.capitalsafety.com/manual/programs/httpd.html (2016-02-16)

  • mod_alias - Apache HTTP Server

    (No additional info available in detailed archive for this subpage)
    Original URL path: /manual/mod/mod_alias.html (2016-02-16)



