Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Easier, and more secure!' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Easier, and more secure!
Authored by: below on Jul 29, '03 04:02:43PM
Nice idea, but I have to disagree with the means.
Instead of messing with mod_rewrite (which is a fine tool, don't get me wrong), just use:


DAV On
ForceType text/plain
...


This takes care that all files will be displayed as source, be they shtml, php, perl, whathaveyou.
Also, to get rid off the unencrypted authentification, get mod_auth_digest, which is accepted by both the Finder and iCal (to publish you calendars).
See also:
Getting to the source with WebDAV
The mod_auth_digest module

I have a nicely working setup running on Linux/Debian, and am happy to answer any other questions.

Alex

[ Reply to This | # ]
Easier, and more secure!
Authored by: below on Jul 29, '03 04:10:08PM
Code snippet should have been:

<Directory /Library/WebServer/Documents>
DAV On
ForceType text/plain
...
</Directory>


[ Reply to This | # ]
Permissions?
Authored by: fizgig on Jul 30, '03 12:26:54PM

Can you tell me how you have permissions set up for this?
I have a ton of virtual hosts, all with different usernames (we're a hosting company) but when I log in to DAV (which is a virtual host whose DocumentRoot is the same as my webroot) I can see the folders for my virtual hosts, but can't see any files inside them.



[ Reply to This | # ]
Permissions?
Authored by: jabest on Jul 30, '03 07:44:05PM

I can't speak for others, but I use mod_auth_apple for authentication. The source is available from Apple here:

http://www.opensource.apple.com/projects/darwin/darwinserver/source/apsl/mod_auth_apple-XS-10.1.tgz

Compile it up, install it, then add the following lines to your httpd.conf. First, in the LoadModule area, add this:


LoadModule apple_auth_module   libexec/httpd/mod_auth_apple.so

Next, in the AddModule area, add this line:


AddModule mod_auth_apple.c

Be sure to put these lines in the same place in terms of load order! If you put the LoadModule statement last, then the AddModule needs to be last as well.

Basically, that's it! The mod_apple_auth works just like the mod_auth that comes with Apache, but gets its authenication information from NetInfo. Therefore, within your or block, you'd have something like this:


<Directory /Library/WebServer/Documents>
	DAV On
	... additional directives ...
	AuthType Basic
	Require valid-user
	... additional directives ...
</Directory>

There's no need for an AuthUserFile directive. AuthType Basic will now go looking in NetInfo. It will allow users that are members of the same group as is assigned to the server (by default, this is 'www' or 'nogroup') to log in. To be sure, look in your httpd.conf for this directive:


Group www

It should be uncommented. From here, I expand my permissions further through the use of the 'file-owner' and 'file-group' attributes of the Require statment. These two will look at the file and group privileges on the file/folder, and allow access that way.

To sum up:

valid-user lets them in (provided they're in 'www')
file-owner and file-group give them access to the files

Hope this helps!

TTFN, James



[ Reply to This | # ]