...making Linux just a little more fun!
#
apt-get
install apache2 libapache-mod-dav Reading Package Lists... Done Building Dependency Tree... Done The following extra packages will be installed: apache-common apache2-common apache2-mpm-worker apache2-utils libapr0 libxmltok1 openssl ssl-cert Suggested packages: apache apache-ssl apache-perl apache2-doc lynx www-browser ca-certificates The following NEW packages will be installed: apache-common apache2 apache2-common apache2-mpm-worker apache2-utils libapache-mod-dav libapr0 libxmltok1 openssl ssl-cert 0 upgraded, 10 newly installed, 0 to remove and 0 not upgraded. Need to get 3141kB of archives. After unpacking 10.1MB of additional disk space will be used. Do you want to continue? [Y/n] y |
# /usr/lib/ssl/misc/CA.sh
-newca CA certificate filename (or enter to create) (enter) Making CA certificate ... Using configuration from /usr/lib/ssl/openssl.cnf Generating a 1024 bit RSA private key .............................................................................+++ ........................................+++ writing new private key to './demoCA/private/./cakey.pem' Enter PEM pass phrase:(enter password) This is the password you will need to create any other certificates. Verifying password - Enter PEM pass phrase:(repeat password) ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:US(enter) Enter your country code here State or Province Name (full name) [Some-State]:State(enter) Enter your state/province/county here Locality Name (eg, city) []:City(enter) Enter your city here Organization Name (eg, company) [Internet Widgits Pty Ltd]:ExampleCo(enter) Enter your company name here (or leave blank) Organizational Unit Name (eg, section) []:IT(enter) OU or department, if you like. You can leave it blank if you want. Common Name (eg, YOUR name) []:CA(enter) The name of your Certificate Authority Email Address []:ca@example.com(enter) E-Mail Address |
# /usr/lib/ssl/misc/CA.sh
-newreq Using configuration from /usr/lib/ssl/openssl.cnf Generating a 1024 bit RSA private key ...................................+++ ...............................+++ writing new private key to 'newreq.pem' Enter PEM pass phrase:(enter password) Password to encrypt the new cert's private key with - you'll need this! Verifying password - Enter PEM pass phrase:(repeat password) ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:US(enter) State or Province Name (full name) [Some-State]:State(enter) Locality Name (eg, city) []:City(enter) Organization Name (eg, company) [Internet Widgits Pty Ltd]:ExampleCo(enter) Organizational Unit Name (eg, section) []:(enter) Common Name (eg, YOUR name) []:host.example.com(enter)The host name of your Web server Email Address []:user@example.com(enter) (optional) Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:(enter) An optional company name []:(enter) Request (and private key) is in newreq.pem |
# /usr/lib/ssl/misc/CA.sh
-sign Using configuration from /usr/lib/ssl/openssl.cnf Enter PEM pass phrase:(password you entered when creating the ca) Check that the request matches the signature Signature ok The Subjects Distinguished Name is as follows countryName :PRINTABLE:'US' stateOrProvinceName :PRINTABLE:'State' localityName :PRINTABLE:'City' organizationName :PRINTABLE:'ExampleCo' commonName :PRINTABLE:'host.example.com' emailAddress :IA5STRING:'user@example.com' Certificate is to be certified until Feb 13 16:28:40 2012 GMT (3650 days) Sign the certificate? [y/n]:y(enter) 1 out of 1 certificate requests certified, commit? [y/n]y(enter) Write out database with 1 new entries Data Base Updated (certificate snipped) Signed certificate is in newcert.pem |
# mv newcert.pem host.example.com.pem # mv newkey.pem host.example.com.key |
# chmod 400 /etc/apache2/ssl/host* |
# cp /etc/apache2/ssl/host.example.com.key /etc/apache2/ssl/host.example.com-bkp |
# openssl
rsa -in /etc/apache2/host.example.com.key-bkp -out
/etc/apache2/ssl/host.example.com.key Enter pass phrase for /etc/apache2/ssl/host.example.com.key-bkp: writing RSA key |
SSLCertificateFile
/etc/apache2/ssl/host.example.com.pem SSLCertificateKeyFile /etc/apache2/ssl/host.example.com.key listen 443 |
# ln -s
/etc/apache2/mods-available/ssl.conf /etc/apache2/mods-enabled/ssl.conf # ln -s /etc/apache2/mods-available/ssl.load /etc/apache2/mods-enabled/ssl.load |
# touch /etc/apache2/sites-available/testwebdav |
<VirtualHost
WEB_server_IP_address:443> Servername testwebdav.lansa.co.uk Documentroot /var/www/webdav CustomLog /var/log/apache2/access.log combined <IfModule mod_ssl.c> SSLEngine on SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown </IfModule> </VirtualHost> |
# ln -s /etc/apache2/sites-available/testwebdav /etc/apache2/sites-enabled/testwebdav |
# mkdir /var/www/webdav |
# chown www-data:www-data /var/www/webdav/ |
# echo
"hello world" > /var/www/webdav/test.txt # chown apache:apache /var/www/webdav/test.txt # chmod 640 /var/www/webdav/test.txt |
# /etc/init.d/apache2 reload |
# netstat -anpt |
https://WEB_server_IP_address/test.txt |
hello world |
# ln -s
/etc/apache2/mods-available/auth_anon.load
/etc/apache2/mods-enabled/auth_anon.load # ln -s /etc/apache2/mods-available/dav_fs.conf /etc/apache2/mods-enabled/dav_fs.conf # ln -s /etc/apache2/mods-available/dav_fs.load /etc/apache2/mods-enabled/dav_fs.load # ln -s /etc/apache2/mods-available/dav.load /etc/apache2/mods-enabled/dav.load |
# htpasswd -c
/etc/apache2/passwd.dav test # chown root:www-data /etc/apache2/passwd.dav # chmod 640 /etc/apache2/passwd.dav |
<VirtualHost WEB_server_IP_address:443> Servername testwebdav.lansa.co.uk Documentroot /var/www/webdav CustomLog /var/log/apache2/access.log combined <IfModule mod_ssl.c> SSLEngine on SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown </IfModule> <Directory /var/www/webdav> DAV On AuthType Basic AuthName "test" AuthUserFile /etc/apache2/passwd.dav <Limit PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK> Require user test </Limit> </Directory> </VirtualHost> |
# /etc/init.d/apache2 reload |
https://WEB_server_IP_address/ |
<VirtualHost WEB_server_IP_addres:80> Servername testwebdav.lansa.co.uk Documentroot /var/www/webdav </VirtualHost> <VirtualHost WEB_server_IP_addres:443> Servername testwebdav.lansa.co.uk Documentroot /var/www/webdav CustomLog /var/log/apache2/access.log combined <IfModule mod_ssl.c> SSLEngine on SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown </IfModule> <Directory /var/www/webdav> DAV On AuthType Basic AuthName "test" AuthUserFile /etc/apache2/passwd.dav <Limit PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK> Require user test </Limit> </Directory> </VirtualHost> |
# /etc/init.d/apache2 reload |
http://WEB_server_IP_address/test.txt |
hello world |
# tar -xvzf
httpd-2.0.54.tgz (snip) # cd httpd-2.0.54 # patch -p2 < /location/where/the/patch/is/webdav-2.0.54-quota-2.3any.txt patching file modules/dav/main/mod_dav.c patching file modules/dav/main/quotachk.h patching file modules/dav/main/quotachk.c patching file modules/dav/main/config5.m4 patching file configure # ./configure --enable-modules=most --enable-mods-shared=all (snip) # make |
# ls -l
./modules/dav/fs/.libs/mod_dav_fs.so -rwxr-xr-x 1 root root 217493 2006-03-24 10:10 ./modules/dav/fs/.libs/mod_dav_fs.so # ls -l ./modules/dav/main/.libs/mod_dav.so -rwxr-xr-x 1 root root 417579 2006-03-24 10:09 ./modules/dav/main/.libs/mod_dav.so |
#
mv /usr/lib/apache2/modules/mod_dav.so /usr/lib/apache2/modules/mod_dav.so-bkp # mv /usr/lib/apache2/modules/mod_dav_fs.so /usr/lib/apache2/modules/mod_dav_fs.so-bkp |
# cp
./modules/dav/main/.libs/mod_dav.so /usr/lib/apache2/modules/mod_dav.so # cp ./modules/dav/fs/mod_dav_fs.so /usr/lib/apache2/modules/mod_dav_fs.so |
<VirtualHost WEB_server_IP_address:80> Servername testwebdav.lansa.co.uk Documentroot /var/www/webdav </VirtualHost> <VirtualHost WEB_server_IP_address:443> Servername testwebdav.lansa.co.uk Documentroot /var/www/webdav CustomLog /var/log/apache2/access.log combined <IfModule mod_ssl.c> SSLEngine on SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown </IfModule> <Directory /var/www/webdav> DAV On # DAVSATMaxAreaSize: the size is specificed in kBytes # since each blocks are 4K each # add about 50K above the limit wanted DAVSATMaxAreaSize 150 AuthType Basic AuthName "test" AuthUserFile /etc/apache2/passwd.dav <Limit PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK> Require user test </Limit> </Directory> </VirtualHost> |
One important thing you should be aware of is the quota limit is
dependent on the block size of your
Web server file
system and may cause the quota limit to be reached quicker than you
would expect.
Here is an example: If you have set the quota limit to 50 kByte and your file system has a block size of 4 kByte and say all files in the WebDAV directory amount to a total of 48 kByte, when you copy a 1kByte text file from a windows system to the WebDAV directory, this 1kByte text file will occupy a 4 kBytes block on the WebDAV folder thus exceeding the limit even though you thought you had 2 kBytes free. An easy workaround is to set the limit a little bit higher than required. For example a strict limit for a quota of 150 kByte would be to set the quota to 152 kByte. However in practice I personally add 50 kBytes over the required limit. |
# /etc/init.d/apache2 restart |
tail -f /var/log/apache2/error.log |
[Fri Mar 24
12:26:13 2006] [error] [client 10.44.10.1] File does not exist:
/var/www/webdav/impunx.log [Fri Mar 24 12:26:13 2006] [error] WebDAV-Quota: Directory `/var/www/webdav/' size `404KB' is over `150KB'! |
# apt-get
install mysql-server libapache2-mod-auth-mysql Reading Package Lists... Done Building Dependency Tree... Done The following extra packages will be installed: libdbd-mysql-perl libdbi-perl libmysqlclient12 libnet-daemon-perl libplrpc-perl mysql-client mysql-common Suggested packages: dbishell mysql-doc The following NEW packages will be installed: libapache2-mod-auth-mysql libdbd-mysql-perl libdbi-perl libmysqlclient12 libnet-daemon-perl libplrpc-perl mysql-client mysql-common mysql-server 0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded. Need to get 5233kB of archives. After unpacking 12.6MB of additional disk space will be used. Do you want to continue? [Y/n] y |
# mysqladmin
-uroot -p create sysadmins Enter password:: |
# mysqladmin
-uroot -p create sysadmins # mysql -uroot -p mysql> use sysadmins Database changed mysql> create table mysql_auth -> ( -> username char(50) not null, -> passwd char(25), -> groups char(25) -> ); Query OK, 0 rows affected (0.01 sec) mysql> create unique index mysqlauthix1 on mysql_auth(username); Query OK, 0 rows affected (0.01 sec) Records: 0 Duplicates: 0 Warnings: 0 |
mysql> grant
select on sysadmins.* to
apache@localhost identified by '1pach2'; (apache@localhost user is the
user and '1pach2' is the
password) Query OK, 0 rows affected (0.00 sec) |
mysql>
insert into mysql_auth (username, passwd, groups) values
('admin','1dm3n','sysadmins'); Query OK, 1 row affected (0.01 sec) |
delldebian:/etc/apache2/mods-enabled#
mysql -uapache -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 36 to server version: 4.0.24_Debian-10sarge1-log Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql> use sysadmins Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed mysql> select * from mysql_auth; +----------+--------+-----------+ | username | passwd | groups | +----------+--------+-----------+ | admin | 1dm3n | sysadmins | +----------+--------+-----------+ 1 row in set (0.00 sec) |
# touch /etc/apache2/mods-available/auth_mysql.conf |
Auth_MySQL_Info localhost apache 1pach2 |
# ln -s
/etc/apache2/mods-available/auth_mysql.load
/etc/apache2/mods-enabled/auth_mysql.load # ln -s /etc/apache2/mods-available/auth_mysql.conf /etc/apache2/mods-enabled/auth_mysql.conf |
<VirtualHost WEB_server_IP_address:80> Servername testwebdav.lansa.co.uk Documentroot /var/www/webdav </VirtualHost> <VirtualHost WEB_server_IP_address:443> Servername testwebdav.lansa.co.uk Documentroot /var/www/webdav CustomLog /var/log/apache2/access.log combined <IfModule mod_ssl.c> SSLEngine on SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown </IfModule> <Directory /var/www/webdav> DAV On # DAVSATMaxAreaSize: the size is specificed in kBytes # since each blocks are 4K each # add about 50K above the limit wanted DAVSATMaxAreaSize 150 AuthType Basic AuthName "test" #AuthUserFile /etc/apache2/passwd.dav <Limit PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK> Auth_MySQL_DB sysadmins Auth_MySQL_Encrypted_Passwords off Require user admin </Limit> </Directory> </VirtualHost> |
# /etc/init.d/apache2 restart |
# apt-get
install phpmyadmin libapache2-mod-php4 Reading Package Lists... Done Building Dependency Tree... Done The following extra packages will be installed: apache2-mpm-prefork libapache-mod-php4 php4 php4-mysql Suggested packages: php4-pear php4-gd php5-gd The following packages will be REMOVED: apache2-mpm-worker The following NEW packages will be installed: apache2-mpm-prefork libapache-mod-php4 libapache2-mod-php4 php4 php4-mysql phpmyadmin 0 upgraded, 6 newly installed, 1 to remove and 0 not upgraded. Need to get 1815kB/6220kB of archives. After unpacking 17.3MB of additional disk space will be used. Do you want to continue? [Y/n] y |
# mv /var/www/phpmyadmin /var/www/webdav/phpmyadmin |
<VirtualHost WEB_server_IP_address:80> Servername testwebdav.lansa.co.uk Documentroot /var/www/webdav # Hide restricted access to phpmyadmin <Directory /var/www/webdav> IndexIgnore phpmyadmin </Directory> # redirect http://Site_Name/phpmyadmin to https://Site_Name/phpmyadmin redirect /phpmyadmin https://Site_Name/phpmyadmin </VirtualHost> <VirtualHost WEB_server_IP_address:443> Servername testwebdav.lansa.co.uk Documentroot /var/www/webdav CustomLog /var/log/apache2/access.log combined <IfModule mod_ssl.c> SSLEngine on SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown </IfModule> # restrict access of phpmyadmin to the sysadmins group <Directory /var/www/webdav/phpmyadmin> Order Deny,Allow Deny From all allow from IP_address, IP_address_range, etc... AuthType Basic AuthName "restricted access to phpmyadmin" Auth_MySQL_DB sysadmins Auth_MySQL_Encrypted_Passwords off require group sysadmins </Directory> <Directory /var/www/webdav> DAV On # DAVSATMaxAreaSize: the size is specificed in kBytes # since each blocks are 4K each # add about 50K above the limit wanted DAVSATMaxAreaSize 150 AuthType Basic AuthName "test" <Limit PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK> Auth_MySQL_DB sysadmins Auth_MySQL_Encrypted_Passwords off Require user admin </Limit> </Directory> </VirtualHost> |
# Hide restricted access to phpmyadmin <Directory /var/www/webdav> IndexIgnore phpmyadmin </Directory> |
# redirect
http://Site_Name/phpmyadmin to
https://Site_Name/phpmyadmin redirect /phpmyadmin https://Site_Name/phpmyadmin |
# restrict access of
phpmyadmin to the sysadmins group <Directory /var/www/webdav/phpmyadmin> Order Deny,Allow Deny From all allow from IP_address, IP_address_range, etc... AuthType Basic AuthName "restricted access to phpmyadmin" Auth_MySQL_DB sysadmins Auth_MySQL_Encrypted_Passwords off require group sysadmins </Directory> |
# mysqladmin
-uroot -p create operators Enter password: # mysqladmin -uroot -p create customers Enter password: delldebian:/home/dom# mysql -uroot -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 181 to server version: 4.0.24_Debian-10sarge1-log Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql> use operators Database changed mysql> create table mysql_auth -> ( -> username char(50) not null, -> passwd char(25), -> groups char(25) -> ); Query OK, 0 rows affected (0.01 sec) mysql> create unique index mysqlauthix1 on mysql_auth(username); Query OK, 0 rows affected (0.02 sec) Records: 0 Duplicates: 0 Warnings: 0 mysql> grant select on operators.* to apache@localhost identified by '1pach2'; Query OK, 0 rows affected (0.00 sec) mysql> insert into mysql_auth (username, passwd, groups) values ('operator','4p2r1t4r','operators'); Query OK, 1 row affected (0.00 sec) mysql> use customers Database changed mysql> create table mysql_auth -> ( -> username char(50) not null, -> passwd char(25), -> groups char(25) -> ); Query OK, 0 rows affected (0.01 sec) mysql> create unique index mysqlauthix1 on mysql_auth(username); Query OK, 0 rows affected (0.02 sec) Records: 0 Duplicates: 0 Warnings: 0 mysql> grant select on customers.* to apache@localhost identified by '1pach2'; Query OK, 0 rows affected (0.00 sec) mysql> insert into mysql_auth (username, passwd, groups) values ('joe','bl4g','customers'); Query OK, 1 row affected (0.00 sec) |
mysql> use
mysql Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed mysql> grant all on operators.* to admin@localhost identified by '1dm3n'; Query OK, 0 rows affected (0.01 sec) mysql> grant all on customers.* to admin@localhost identified by '1dm3n'; Query OK, 0 rows affected (0.00 sec) mysql> grant all on customers.* to operator@localhost identified by '4p2r1t4r'; Query OK, 0 rows affected (0.00 sec) |
<VirtualHost
WEB_server_IP_address:80> Servername testwebdav.lansa.co.uk Documentroot /var/www/webdav # Hide restricted access to phpmyadmin <Directory /var/www/webdav> IndexIgnore phpmyadmin </Directory> # redirect http://Site_Name/phpmyadmin to https://Site_Name/phpmyadmin redirect /phpmyadmin https://Site_Name/phpmyadmin </VirtualHost> <VirtualHost WEB_server_IP_address:443> Servername testwebdav.lansa.co.uk Documentroot /var/www/webdav CustomLog /var/log/apache2/access.log combined <IfModule mod_ssl.c> SSLEngine on SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown </IfModule> # restrict access to phpmyadmin <Directory /var/www/webdav/phpmyadmin> Order Deny,Allow Deny From all allow from IP_address, IP_address_range, etc... AuthType Basic AuthName "restricted access to phpmyadmin" # Auth_MySQL_DB sysadmins Auth_MySQL_DB operators Auth_MySQL_Encrypted_Passwords off # require group sysadmins Require group operators </Directory> # give admins full access to the WebDAV root directory # upload is unlimited <Directory /var/www/webdav> DAV On # DAVSATMaxAreaSize: the size is specificed in kBytes # since each blocks are 4K each # add about 50K above the limit wanted # DAVSATMaxAreaSize 150 AuthType Basic AuthName "test" <Limit PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK> Auth_MySQL_DB sysadmins Auth_MySQL_Encrypted_Passwords off # Require user admin Require group sysadmins </Limit> </Directory> # Give operators full access to the operator directory # but not to the parent directory # upload is limited with quota (DAVSATMaxAreaSize) <Directory /var/www/webdav/downloads> DAV On # since blocks are 4K each add # about 50K above the limit # limit upload size to 2 Gigs (2 000 000K) DAVSATMaxAreaSize 2000050 AllowOverride None Options None AuthType Basic AuthName "Restricted access to the downloads directory" <Limit GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK> Auth_MySQL_DB operators Auth_MySQL_Encrypted_Passwords off Require group operators #!! if you copy this make sure the correct DB is used (Auth_MySQL_DB) </Limit> </Directory> </VirtualHost> |
https://WEB_server_IP_address/downloads |
<VirtualHost WEB_server_IP_address:80> Servername testwebdav.lansa.co.uk Documentroot /var/www/webdav # Hide restricted access to phpmyadmin <Directory /var/www/webdav> IndexIgnore phpmyadmin </Directory> # redirect http://downloads.lansa.co.uk/phpmyadmin to https://downloads.lansa.co.uk/phpmyadmin redirect /phpmyadmin https://delldebian.lansa.co.uk/phpmyadmim # restricted access to "/downloads/restricted" directory # require authentication against list of customers <Directory /var/www/webdav/downloads/restricted> AuthType Basic AuthName "Restricted download accesss" Auth_MySQL_DB customers Auth_MySQL_Encrypted_Passwords off require group customers </Directory> </VirtualHost> <VirtualHost WEB_server_IP_address:443> Servername testwebdav.lansa.co.uk Documentroot /var/www/webdav CustomLog /var/log/apache2/access.log combined <IfModule mod_ssl.c> SSLEngine on SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown </IfModule> # restrict access to phpmyadmin <Directory /var/www/webdav/phpmyadmin> Order Deny,Allow Deny From all allow from 10.44.10.1 AuthType Basic AuthName "restricted access to phpmyadmin" # Auth_MySQL_DB sysadmins Auth_MySQL_DB operators Auth_MySQL_Encrypted_Passwords off # require group sysadmins Require group operators </Directory> # give admins full access to the WebDAV root directory # upload is unlimited <Directory /var/www/webdav> DAV On # DAVSATMaxAreaSize: the size is specificed in kBytes # since each blocks are 4K each # add about 50K above the limit wanted # DAVSATMaxAreaSize 150 AuthType Basic AuthName "test" <Limit PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK> Auth_MySQL_DB sysadmins Auth_MySQL_Encrypted_Passwords off # Require user admin Require group sysadmins </Limit> </Directory> # give operators full access to the operator directory # but not to the parent directory # upload is limited with quota (DAVSATMaxAreaSize) <Directory /var/www/webdav/downloads> DAV On # since blocks are 4K each add # about 50K above the limit # limit upload size to 2 Gigs (2 000 000K) DAVSATMaxAreaSize 2000050 AllowOverride None Options None AuthType Basic AuthName "Restricted access to the downloads directory" <Limit GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK> Auth_MySQL_DB operators Auth_MySQL_Encrypted_Passwords off Require group operators #!! if you copy this make sure the correct DB is used (Auth_MySQL_DB) </Limit> </Directory> </VirtualHost> |
http://WEB_server_IP_address/downloads/restricted |
Note: as you may have noticed from the above URL, you need to specify the full path including the name of the directory for which the authentication is performed. This is because the restriction directive has the effect of hiding that directory. |
# mkdir
/var/www/webdav/upload # chown www-data:www-data /var/www/webdav/upload |
<VirtualHost WEB_server_IP_address:80> Servername testwebdav.lansa.co.uk Documentroot /var/www/webdav # Hide restricted access to phpmyadmin <Directory /var/www/webdav> IndexIgnore phpmyadmin </Directory> # redirect http://downloads.lansa.co.uk/phpmyadmin to https://downloads.lansa.co.uk/phpmyadmin redirect /phpmyadmin https://delldebian.lansa.co.uk/phpmyadmim # restricted access to "/downloads/restricted" directory # require authentication against list of customers <Directory /var/www/webdav/downloads/restricted> AuthType Basic AuthName "Restricted download accesss" Auth_MySQL_DB customers Auth_MySQL_Encrypted_Passwords off require group customers </Directory> </VirtualHost> <VirtualHost WEB_server_IP_address:443> Servername testwebdav.lansa.co.uk Documentroot /var/www/webdav CustomLog /var/log/apache2/access.log combined <IfModule mod_ssl.c> SSLEngine on SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown </IfModule> # restrict access to phpmyadmin <Directory /var/www/webdav/phpmyadmin> Order Deny,Allow Deny From all allow from 10.44.10.1 AuthType Basic AuthName "restricted access to phpmyadmin" # Auth_MySQL_DB sysadmins Auth_MySQL_DB operators Auth_MySQL_Encrypted_Passwords off # require group sysadmins Require group operators </Directory> # give operators full access to the operator directory # but not to the parent directory # upload is limited with quota (DAVSATMaxAreaSize) <Directory /var/www/webdav/downloads> DAV On # since blocks are 4K each add # about 50K above the limit # limit upload size to 2 Gigs (2 000 000K) DAVSATMaxAreaSize 2000050 AllowOverride None Options None AuthType Basic AuthName "Restricted access to the downloads directory" <Limit GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK> Auth_MySQL_DB operators Auth_MySQL_Encrypted_Passwords off Require group operators #!! if you copy this make sure the correct DB is used (Auth_MySQL_DB) </Limit> </Directory> # allow customers full access to the upload directory # but not to the parent directory # upload is limited with quota (DAVSATMaxAreaSize) <Directory /var/www/webdav/upload> DAV On # since blocks are 4K each add # about 50K above the limit # limit upload size to 200 Megs (200 000K) DAVSATMaxAreaSize 200050 AllowOverride None Options None AuthType Basic AuthName "Restricted access to the upload directory" <Limit GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK> Auth_MySQL_DB customers Auth_MySQL_Encrypted_Passwords off Require group customers #!! if you copy this make sure the correct DB is used (Auth_MySQL_DB) </Limit> </Directory> </VirtualHost> |
https://WEB_server_IP_address/upload |
Note: with the above configuration, any customers with a valid user name and password will be able to upload, download, rename and delete files in the upload directory. |
https://WEB_server_IP_address/phpmyadmin |
Talkback: Discuss this article with The Answer Gang
I was born in France and moved to the UK in 1993 - and, believe it or not, have loved it ever since.
Back in 1998, a work colleague suggested I look at Linux when it was just barely a buzz. Something to do in my spare time. I got myself a book with a copy of RH 5.0. A few weeks later Mandrake came out, and I've been hooked on it ever since.
In the recent years, I switched to Debian, and those days the Debian boxes pop up everyhwhere in the company I admin the network for. I use it for Web servers, VPN-firewalls, routers, etc... but that's never enough, as it even made it on our iSeries (also know as AS/400).
In my free time I like snowboarding, listening to house music, and getting a foot into the paranormal.