lenk Apprentice
Joined: 08 Mar 2004 Posts: 211
Posted: Thu Dec 23, 2004 10:27 am Post subject: [apache] restricted dir with SSL?
Hi, I just set up snort/acid on my webserver. I also have wordpress and gallery installed. How do I restrict the world from viewing my snort/acid logs with authentication with SSL? I read the apache howto on using the .htaccess file, but I am still confused.
Can someone show me an example, how I can protect my sensitive directories?
Thanks
Lenk
SavageMindz Tux's lil' helper
Joined: 28 Oct 2002 Posts: 87 Location: The bit of hell that has frozen over.
Posted: Thu Dec 23, 2004 10:45 am
Ok you will need to do two things (see if I can remember it all).
I should probably point out that these instructions are for apache1 not 2. The config file is a bit more broken up in 2 but it's approximately the same, other than you might have to edit a few more files.
First edit the /etc/apache/conf/apache.conf
In the Directory section of your config add the following. I put the important bit in bold. You don't have to Override all, in fact you should read the docs to see what you want to override and what you don't, but this will get it working.
Code:
    <Directory "/home/httpd/htdocs">
        Options Indexes FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
Also in the main config file put the following (but not in the directory section). This stops others just downloading your .htaccess files. That would be very bad.
Code:
    <Files ~ "^\.ht">
        Order allow,deny
        Deny from all
        Satisfy All
    </Files>
Ok that should now give you htaccess files working.
Ok next you need to make a certificate. To do this you will have to read the docs because I can't remember offhand. Go here http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#keyscerts
Finally add your cert and key to /etc/apache/conf/vhosts/ssl.default-vhost.conf
That should be ssl now working.
Finally make yourself a .htaccess file, I'll leave you to find out how to do the users and passwords, you have a few options (files, LDAP, MySQL, etc.).
The only line to need to force SSL is to have a ....
in the .htaccess file.
Anyway hope all that helps.
Savage
Last edited by SavageMindz on Thu Dec 23, 2004 3:47 pm; edited 1 time in total
lenk Apprentice
Joined: 08 Mar 2004 Posts: 211
Posted: Thu Dec 23, 2004 10:52 am
I am running apache2, I got php and SSL working using the gentoo-wiki guide. Can I have an example copy of a .htaccess file? Thanks
lenk
SavageMindz Tux's lil' helper
Joined: 28 Oct 2002 Posts: 87 Location: The bit of hell that has frozen over.
Posted: Thu Dec 23, 2004 3:46 pm
Code:
    # Title shown in the browser's password prompt
    AuthName "example htaccess"
    AuthType Basic
    #AuthGroupFile /dev/null

    # Auth from LDAP
    LDAP_Server example.net
    LDAP_Port 389
    #LDAP_CertDbDir /etc/openldap/ssl/
    Base_DN "ou=People,dc=example,dc=net"
    Bind_DN "cn=binduser,dc=example,dc=net"
    Bind_Pass "binduserpassword"
    LDAP_StartTLS On

    # Auth from Database
    #AuthMySQLHost example.net
    #AuthMySQLDB exampleDB
    #AuthMySQLUserTable mod_users
    #AuthMySQLUser phpwebsite
    #AuthMySQLPassword phpwebpass
    #AuthMySQLNameField username
    #AuthMySQLPasswordField password
    #AuthMySQLCryptedPasswords Off
    #AuthMySQLScrambledPasswords Off
    #AuthMySQLMD5Passwords On
    #AuthMySQLGroupField groups

    # Refuse plain-HTTP requests and require a valid login
    SSLRequireSSL
    Require valid-user
The top section is just the name for the popup window you get to put your password in. The second line is the access type. You will want basic unless you know otherwise.
The second section is my LDAP connection bit (names changed to protect the innocent). To use that you would have to set up an LDAP server, but that's how it looks from the apache side of things.
The third section that is commented out is the same as the second but connects to a MySQL DB for its usernames and passwords.
The last two lines just say that we require SSL to use this (normal http connections will not be allowed, SSL ones get a password box) and that we require a valid user to proceed.
I'm afraid I don't have a basic example with files anymore but you can find that on google.
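A file-based variant for Apache 2, the case the thread leaves open, added here as an example that is not from either poster. The directory path, password file location, realm name and user name are assumptions; adjust them to the local layout.

```apache
# --- Server or SSL vhost config (constructed example; paths are assumptions) ---
# Allow .htaccess files under the protected directory to set only
# authentication directives, rather than "AllowOverride All".
# SSLRequireSSL is also covered by the AuthConfig override class.
<Directory "/var/www/localhost/htdocs/acid">
    AllowOverride AuthConfig
    # Keep the SSLRequireSSL denial in force even where a
    # "Satisfy any" would otherwise let a request through.
    SSLOptions +StrictRequire
</Directory>

# --- /var/www/localhost/htdocs/acid/.htaccess (constructed example) ---
# Refuse any request that did not arrive over SSL, so the
# Basic-auth password is never sent in clear text.
SSLRequireSSL

AuthType Basic
AuthName "Snort/ACID console"
# Password file kept outside the document root so it cannot be
# fetched through the web server. Create it with:
#   htpasswd -c /etc/apache2/acid.htpasswd alice
# (-c creates the file; leave it off when adding further users)
AuthUserFile /etc/apache2/acid.htpasswd
Require valid-user
```

With this in place a plain-HTTP request for the directory is answered with 403 Forbidden, and the password prompt appears only over HTTPS.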