[mythtv-users] Securing Mythweb
Harry Devine
lifter89 at comcast.net
Wed Apr 2 11:50:22 UTC 2008
Daniel Arfsten wrote:
> ........trimmed out for space savings...........
>
> >You need to make sure it resolves to <blah,blah,blah>.dyndns.org
> >No machine outside of your network is going to know what hjdmyth is.
>
> Here is an example of my /etc/hosts file. I use mythweb and can access within my network as
> well as outside my network. however, I do need to enter a username and password whether I am in my network
> or outside. I am using MythTV 20.2-fixes on Ubuntu Feisty Fawn (7.04)
>
> /etc/hosts
> 127.0.0.1 localhost.localdomain localhost
>
> # The following lines are desirable for IPv6 capable hosts
> ::1 ip6-localhost ip6-loopback
> fe00::0 ip6-localnet
> ff00::0 ip6-mcastprefix
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
> ff02::3 ip6-allhosts
> 192.168.0.4 WINXP
> 192.168.0.5 XUBUNTU-FIESTY
> 192.168.0.3 HAHAHAHA HAHAHAHA.getmyip.com
> 192.168.0.6 gutsy
>
> I changed my real hostname from what it is to HAHAHAHA but you get the point and you can see
> that my dyndns.org FQDN name is, it's just the hostname with the domain added to it.
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> mythtv-users mailing list
> mythtv-users at mythtv.org
> http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users
>
Nope, no go. I just tried it from work after changing /etc/hosts last
night, and here's what I get in my /var/log/htttpd/access_log:
204.246.129.196 - - [02/Apr/2008:07:39:28 -0400] "GET /mythweb HTTP/1.1"
401 509 "-" "Mozilla/4.0"
155.178.180.5 - - [02/Apr/2008:07:39:33 -0400] "GET /mythweb HTTP/1.1"
401 509 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR
1.1.4322; .NET CLR 2.0.50727)"
155.178.180.5 - hdevine [02/Apr/2008:07:39:41 -0400] "GET /mythweb
HTTP/1.1" 301 339 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT
5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
Here's my /etc/hosts:
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
192.168.1.200 HJDMyth xxxxxxx.dyndns.org
::1 localhost6.localdomain6 localhost6
Here's my /etc/httpd/conf.d/mythweb.conf (the relevant sections):
<Directory "/var/www/html/mythweb" >
############################################################################
# I *strongly* urge you to turn on authentication for MythWeb. It
is disabled
# by default because it requires you to set up your own password
file. Please
# see the man page for htdigest and then configure the following
four directives
# to suit your authentication needs.
#
AuthType Digest
AuthName "MythTV"
AuthUserFile /var/www/htdigest
Require valid-user
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
Order allow,deny
Allow from 192.168.1. 127.
Satisfy any
#
# * If you're running Apache earlier than 2.2, you will need to use
# the AuthDigestFile command instead of AuthUserFile (3rd line
above).
#
############################################################################
# Some special instructions for the MythWeb controller files
#
<Files mythweb.*>
#
# Use the following environment settings to tell MythWeb where
you want it to
# look to connect to the database, the name of the database to
connect to, and
# the authentication info to use to connect. The defaults will
usually work
# fine unless you've changed mythtv's mysql.txt file, or are
running MythWeb on
# a different server from your main backend. Make sure you have
mod_env enabled.
#
setenv db_server "HJDMyth"
setenv db_name "mythconverg"
setenv db_login "mythtv"
setenv db_password "mythtv"
#
# By default, MythWeb uses the hostname program to look up the
hostname of the
# machine it runs on. If this reports incorrect data, or you
run MythWeb on a
# machine without the hostname program, set this to your current
hostname.
#
# setenv hostname "my_mythbox"
setenv hostname "xxxxxxx.dyndns.org"
#
Any ideas on what's going on?
Harry
More information about the mythtv-users
mailing list