[mythtv-users] safely exposing mythweb to the net.

Zak onlydarksets at mahshie.net
Fri Sep 2 01:02:16 UTC 2005

I checked the error_log, and this is what it says:
[Thu Sep 01 20:57:59 2005] [error] [client] access to 
/mythweb/program_listing.php failed, reason: user MYUSER not allowed access

So, it's getting the username/password OK - it just isn't recognizing me 
as an authorized user.

I just figured it out before I sent this.  The "Require" line needs to read:
Require user MYUSER

Zak wrote:

> I followed these instructions on FC4 + Apache 2.x and it didn't work.  
> I get prompted for a password, but it doesn't accept it.  I repeated 
> several times, but it didn't work.  Here is what I did:
> # htpasswd -c /usr/local/sbin/httpd-passwords MYUSER
> # chown apache.apache /usr/local/sbin/httpd-passwords
> # chmod 640 /usr/local/sbin/httpd-passwords
> # vi /etc/httpd/conf/httpd.conf
> <Directory "/var/www/html/mythweb">
>    Options Indexes FollowSymLinks
>    AuthType Basic
>    AuthName "MythTV"
>    AuthUserFile /usr/local/sbin/httpd-passwords
>    Require MYUSER
>    Order allow,deny
>    Allow from all
> </Directory>
> # service httpd restart
> Any thoughts?
> Frank Lynch wrote:
>> On 9/1/05, Justin Hornsby <justin.hornsby2 at ntlworld.com> wrote:
>>> Frank Lynch wrote:
>>>> Hi Folks,
>>>> I'm really starting to like my MythTV box, this is a great project!
>>>> In case its relevant I'm running myth 18.1 on Fedora Core 4.
>>>> I'd like to be able to access mythweb from the public Internet (so
>>>> that I can schedule recordings when I'm not at home etc..). With this
>>>> in mind I cretaed an account with dyndns.org, and configured port
>>>> forwarding on my router.
>>>> I'm guessing that my next step should be to harden my Apache
>>>> configuration? should I enable https? are there any other precautions
>>>> that I should be taking? The last thing I want is some dirty hacker
>>>> having their evil-way with my mythbox!
>>>> If this covered in a howto or some other doc I'd appreciate a pointer.
>>>> I searched, but I couldn't find anything that covers this specific
>>>> topic... I saw the article on tunnelling through ssh[1], but I'd
>>>> rather have a solution that my wife could use (she can certainly use a
>>>> https site with a user name/password, but its a bit much to ask her to
>>>> tunnel over ssh).
>>>> thanks,
>>>> --Frank
>>> I use just standard apache2 - no https... but the password is 
>>> apparently
>>> random chars, so no script kid is gonna get to it without really trying
>>> hard.
>>> You can change the port apache runs on, but then that might make
>>> accessing it from work a problem (depending on your workplace's
>>> proxy/firewall etc).
>>> I get the occasional hack attempt, but so far the worst that has
>>> happenned is a DoS (ping of death?) attack which crashed my router.
>>> I'm sure there will be people who'll say what I'm doing isn't secure
>>> enough, and I agree it's not the most secure way to do things - but it
>>> works for me, and has done for a long time.  I know the risks...
>>> I look in the logs every week, and from what I've seen in there the
>>> majority of accesses from random IP addresses seem to just be
>>> botnets/kids looking for easy exploits.
>>> It'll be interesting to see what everyone else does though ;-)
>>> Justin.
>> Thanks Justin, I just found a howto on this:
>> http://www.mythtv.info/moin.cgi/SecuringMythWebHowTo?action=highlight&value=CategoryHowTo 
>> It sounds like a very similar approach to yours... I think I'll give
>> this a try tonight.
>> cheers,
>> --Frank
>> _______________________________________________
>> mythtv-users mailing list
>> mythtv-users at mythtv.org
>> http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users
> _______________________________________________
> mythtv-users mailing list
> mythtv-users at mythtv.org
> http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users

More information about the mythtv-users mailing list