[mythtv-users] Locking down mythweb to local only - Best place for Require local
Ian Evans
dheianevans at gmail.com
Wed Oct 4 21:33:02 UTC 2017
On Wed, Oct 4, 2017 at 3:32 PM, Peter Bennett <cats22 at comcast.net> wrote:
>
>
> On 10/04/2017 02:19 PM, Ian Evans wrote:
>
> I haven't really used apache much, run my site on nginx, so I'm just
> trying to secure mythweb (and eventually zoneminder and phpmyadmin when I
> install them) to be local access only so I can tunnel in via ssh.
>
> From my Googling I thought this would work in the myhtweb.conf:
>
> <Directory "/var/www/html/mythweb" >
>
> ############################################################
> ################
> # I *strongly* urge you to turn on authentication for MythWeb. It is
> disabled
> # by default because it requires you to set up your own password
> file. Please
> # see the man page for htdigest and then configure the following four
> directives
> # to suit your authentication needs.
> #
> AuthType Digest
> AuthName "MythTV"
> AuthUserFile /etc/mythtv/htdigest
> Require valid-user
> BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
> Require local
> Satisfy all
>
> Etc.
>
> But after restarting apache I'm still able to access mythweb from a
> computer outside localhost.
>
> Any ideas? Thanks.
>
>
>
> This is what I use
>
> require ip 127.0.0.1 192.168.0.0/16
>
> You will need to adjust 192.168.0.0/16 if your router is allocating
> different ip address range
>
> This excludes all access from outside of my own local network.
>
> If you only want access from localhost
> require ip 127.0.0.1
>
>
Thanks for the config tip.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mythtv.org/pipermail/mythtv-users/attachments/20171004/52ee8407/attachment.html>
More information about the mythtv-users
mailing list