[mythtv-users] securing mythweb
Gabe Rubin
gaberubin at gmail.com
Wed Mar 2 23:10:58 UTC 2011
On Wed, Mar 2, 2011 at 2:49 PM, Greg <greg12866 at nycap.rr.com> wrote:
> On 03/02/2011 05:23 PM, Bill Meek wrote:
>> On Wed, 2011-03-02 at 13:07 -0800, Gabe Rubin wrote:
>> ...
>>> Either way, some help securing mythweb would be greatly
>>> appreciated.
>> Hi;
>>
>> Do you have the required module(s) enabled? In my case, its:
>>
>> a2enmod auth_digest
>>
>> My digest permissions look like this:
>>
>> -rw-r----- 1 mythtv www-data 46 2010-09-29 18:04 mythweb-htdigest
>>
>> Good luck,
>>
>> Bill
>>
>>
>> _______________________________________________
>> mythtv-users mailing list
>> mythtv-users at mythtv.org
>> http://www.mythtv.org/mailman/listinfo/mythtv-users
>>
> This is how I set it up on Ubuntu...I am sure if you adjust your paths
> it will work for you also....
>
> sudo a2enmod
> When prompted for what module you want to enable enter:
> auth_digest
> Create your password directory
> sudo mkdir /etc/mythtv/mythweb-digest/passwd
> cd /etc/mythtv/mythweb-digest/
> sudo mkdir passwd
>
>
> Create your password FILE
> sudo htdigest -c /etc/mythtv/mythweb-digest/passwd/passwords MythTV greg
>
> Grant permissions to the new password file:
>
> sudo chown www-data /etc/mythtv/mythweb-digest/passwd/passwords
>
> sudo chgrp www-data /etc/mythtv/mythweb-digest/passwd/passwords
> sudo chmod 640 /etc/mythtv/mythweb-digest/passwd/passwords
>
> sudo gedit /etc/apache2/apache2.conf
>
> <Directory "/var/www/mythweb">
> Options Indexes FollowSymLinks
> AuthType Digest
> AuthName "MythTV"
> AuthUserFile /etc/mythtv/mythweb-digest/passwd/passwords
> Require valid-user
> Order allow,deny
> Allow from 192.168.1.
> Satisfy any
> </Directory>
>
>
> sudo /etc/init.d/apache2 restart
>
If I am able to generate the password file, doesn't that mean I have
the right module(s) installed? I did most of what Greg suggested,
except root created and owned the password file I was using, so I made
that apache (which appears to be the correct user in Fedora).
I suspect my mythweb httpd.conf file may have some problems. Here it is:
<Directory "/var/www/html/mythweb">
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
AuthType Digest
AuthName "MythTV"
AuthUserFile /var/www/htdigest
Require valid-user
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
Order allow,deny
Satisfy any
SetEnv db_server "localhost"
SetEnv db_name "mythconverg"
SetEnv db_login "mythtv"
SetEnv db_password "mythtv"
RewriteEngine on
RewriteRule
^(css|data|images|js|themes|skins|README|INSTALL|[a-z_]+\.(php|pl))(/|$)
- [L]
RewriteRule ^(pl(/.*)?)$ mythweb.pl/$1 [QSA,L]
RewriteRule ^(.+)$ mythweb.php/$1 [QSA,L]
RewriteRule ^(.*)$ mythweb.php [QSA,L]
AddType video/nuppelvideo .nuv
AddType image/x-icon .ico
<Files *.pl>
SetHandler cgi-script
Options +ExecCGI
</Files>
</Directory>
More information about the mythtv-users
mailing list