[mythtv-users] safely exposing mythweb to the net.
Zak
onlydarksets at mahshie.net
Fri Sep 2 01:02:16 UTC 2005
I checked the error_log, and this is what it says:
[Thu Sep 01 20:57:59 2005] [error] [client 192.168.123.198] access to
/mythweb/program_listing.php failed, reason: user MYUSER not allowed access
So, it's getting the username/password OK - it just isn't recognizing me
as an authorized user.
I just figured it out before I sent this. The "Require" line needs to read:
Require user MYUSER
Zak wrote:
> I followed these instructions on FC4 + Apache 2.x and it didn't work.
> I get prompted for a password, but it doesn't accept it. I repeated
> several times, but it didn't work. Here is what I did:
>
> # htpasswd -c /usr/local/sbin/httpd-passwords MYUSER
> # chown apache.apache /usr/local/sbin/httpd-passwords
> # chmod 640 /usr/local/sbin/httpd-passwords
> # vi /etc/httpd/conf/httpd.conf
> <Directory "/var/www/html/mythweb">
> Options Indexes FollowSymLinks
> AuthType Basic
> AuthName "MythTV"
> AuthUserFile /usr/local/sbin/httpd-passwords
> Require MYUSER
> Order allow,deny
> Allow from all
> </Directory>
> # service httpd restart
>
> Any thoughts?
>
>
> Frank Lynch wrote:
>
>> On 9/1/05, Justin Hornsby <justin.hornsby2 at ntlworld.com> wrote:
>>
>>
>>> Frank Lynch wrote:
>>>
>>>
>>>> Hi Folks,
>>>> I'm really starting to like my MythTV box, this is a great project!
>>>> In case it's relevant I'm running myth 18.1 on Fedora Core 4.
>>>>
>>>> I'd like to be able to access mythweb from the public Internet (so
>>>> that I can schedule recordings when I'm not at home etc..). With this
>>>> in mind I created an account with dyndns.org, and configured port
>>>> forwarding on my router.
>>>>
>>>> I'm guessing that my next step should be to harden my Apache
>>>> configuration? Should I enable https? Are there any other precautions
>>>> that I should be taking? The last thing I want is some dirty hacker
>>>> having their evil-way with my mythbox!
>>>>
>>>> If this is covered in a howto or some other doc I'd appreciate a pointer.
>>>> I searched, but I couldn't find anything that covers this specific
>>>> topic... I saw the article on tunnelling through ssh[1], but I'd
>>>> rather have a solution that my wife could use (she can certainly use a
>>>> https site with a user name/password, but it's a bit much to ask her to
>>>> tunnel over ssh).
>>>>
>>>> thanks,
>>>> --Frank
>>>>
>>>
>>> I use just standard apache2 - no https... but the password is apparently
>>> random chars, so no script kid is gonna get to it without really trying
>>> hard.
>>>
>>> You can change the port apache runs on, but then that might make
>>> accessing it from work a problem (depending on your workplace's
>>> proxy/firewall etc).
>>>
>>> I get the occasional hack attempt, but so far the worst that has
>>> happened is a DoS (ping of death?) attack which crashed my router.
>>>
>>> I'm sure there will be people who'll say what I'm doing isn't secure
>>> enough, and I agree it's not the most secure way to do things - but it
>>> works for me, and has done for a long time. I know the risks...
>>>
>>> I look in the logs every week, and from what I've seen in there the
>>> majority of accesses from random IP addresses seem to just be
>>> botnets/kids looking for easy exploits.
>>>
>>> It'll be interesting to see what everyone else does though ;-)
>>>
>>> Justin.
>>>
>>
>>
>> Thanks Justin, I just found a howto on this:
>> http://www.mythtv.info/moin.cgi/SecuringMythWebHowTo?action=highlight&value=CategoryHowTo
>>
>> It sounds like a very similar approach to yours... I think I'll give
>> this a try tonight.
>> cheers,
>> --Frank
>> _______________________________________________
>> mythtv-users mailing list
>> mythtv-users at mythtv.org
>> http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users
>>
>>
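The mistake resolved in this thread (a `Require` line that names the user without the `user` keyword) can be caught before restarting httpd. The following is an added example, not part of the original message or the MythTV howto: a small Python check that walks `<Directory>` blocks and flags `Require` lines whose first argument is not a recognised type. The function name `audit_require`, the type list (assumed to match Apache 2.0/2.2) and the sample config (reconstructed from the post) are assumptions of the example.

```python
import re

# Argument types Require accepts in Apache 2.0/2.2 (assumed target version).
REQUIRE_TYPES = {"user", "group", "valid-user", "file-owner", "file-group"}

def audit_require(conf_text):
    """Return (line_no, directory, message) for each suspect Require line."""
    findings, directory = [], None
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r'<Directory\s+"?([^">]+)"?\s*>', line, re.I)
        if opened:
            directory = opened.group(1)
            continue
        if re.match(r"</Directory\s*>", line, re.I):
            directory = None
            continue
        words = line.split()
        if words[0].lower() != "require":
            continue
        if len(words) == 1:
            findings.append((line_no, directory, "Require has no arguments"))
        elif words[1].lower() not in REQUIRE_TYPES:
            # The case from this thread: a bare user name after Require.
            findings.append((line_no, directory,
                             f"'{words[1]}' is not a Require type; "
                             f"did you mean 'Require user {words[1]}'?"))
        elif words[1].lower() in ("user", "group") and len(words) == 2:
            findings.append((line_no, directory,
                             f"Require {words[1]} names nobody"))
    return findings

# Constructed sample: the Directory block as posted, then the corrected form.
BROKEN = """\
<Directory "/var/www/html/mythweb">
Options Indexes FollowSymLinks
AuthType Basic
AuthName "MythTV"
AuthUserFile /usr/local/sbin/httpd-passwords
Require MYUSER
Order allow,deny
Allow from all
</Directory>
"""
FIXED = BROKEN.replace("Require MYUSER", "Require user MYUSER")

if __name__ == "__main__":
    for finding in audit_require(BROKEN):
        print(finding)
```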