Re: webserver strangeness.

From: Pete Nesbitt (pete_at_linux1.ca)
Date: 07/08/04

  • Next message: Juris Krumins: "Re: sample yum.conf for RH9?" 
    To: General Red Hat Linux discussion list <redhat-list@redhat.com>
Date: Wed, 7 Jul 2004 21:08:23 -0700

    On July 7, 2004 08:19 pm, Steve wrote:
    > Standard ES 3 with httpd
    >
    > updates applied
    >
    > I have setup an upload area and enabled WebDAV, I've added an htaccess
    > type entry to <Limit> GET requests to anonymous users (anyone can view the
    > URLs) and then added a further <Limit> for all other directives to be
    > allowed after authenticating only.
    >
    > The reason for this (as everyone seems to be asking me "why bother" is
    > that I need to find an easy way to upload a few thousand photos and add
    > them into a gallery, the gallery software allows either "groups of 10
    > files to be uploaded" or a URL to be supplied that it will wander off to
    > and suck down the photos.
    >
    > Due to ease of explaining how things work to end users, it was decided to
    > create a simple system using webdav so uploads can be done as if the site
    > were a hard drive then they put in the URL "uploads.blah.com" into the
    > gallery system and it will suck their photos across.
    >
    > I tried sucessfully to make the DAV folder under the main site but the
    > gallery URL suck became confused for some reason and required the images
    > to be in the root of the web structure.
    >
    > It appears that someone within the organisation that sets up the
    > httpd.conf decided that disableing indexes by default within apache was
    > not enough to stop stupid admins from displaying their directory structure
    > to the world (despite the fact that you had to actually enable this option
    > to doso) - so they would also do a location rewrite if the url requested
    > was the root of the web site and the file served was not one of the
    > index files.
    >
    > #<LocationMatch "^/$>
    > # Options -Indexes
    > # ErrorDocument 403 /error/noindex.html
    > #</LocationMatch>
    >
    > I have since disabled this (IMHO - Braindead) option and restarted apache.
    > However, I am still getting a random "forbidden" rule and redirect if I
    > try to goto the root of my upload vhost.
    >
    > My Config for this vhost is..
    >
    > <Directory "/var/www/vhost/uploads">
    > DAV On
    > Options Indexes FollowSymLinks MultiViews
    > AllowOverride all
    > AuthType Basic
    > AuthName jany
    > AuthUserFile /var/www/vhost/htpasswd
    > AuthGroupFile /dev/null
    > <Limit GET>
    > Order allow,deny
    > Allow from all
    > </Limit>
    > <Limit POST PUT CONNECT OPTIONS DELETE PATCH PROPFIND PROPPATCH MKCOL
    > COPY MOVE LOCK UNLOCK>
    > Require valid-user
    > </Limit>
    > </Directory>
    >
    > Document Root is set to..
    >
    > DocumentRoot /var/www/vhost/uploads
    >
    > I have just spent the past hour scouring through the httpd.conf file
    > trying to find any reference to a redirect to a forbbiden document or an
    > index document and I cant find anything. I have set "Indexes" as an option
    > on every <Directory> Idirective I can find in the vain hope that it was
    > something else.
    >
    > <rant>
    > Whoever in their right mind dreamed up the idea that disabling indexes and
    > making it near on impossible to re-enable them needs a freakin bullet to
    > the head !!! if an admin makes a concious decision to allow a function to
    > happen outside default spec then WHY MAKE IT FREAKIN NEAR ENOUGH TO
    > IMPOSSIBLE TO DOSO ?????
    > </rant>
    >
    > Ok, so ranting probably doesnt help but I have hardly any hair left.
    >
    > god, its things like this that almost make you want to go back to using
    > IIS or Apache 1.3 - at least they bloody work !.
    >
    > --
    > Steve.

    HI,
    This sounds like a configuration problem, not an issue with Apache per-say.

    Is your problem with WebDAV access or with browser access or both?

    Have you tried this below the DocumentRoot, I remember having a problem trying
    to set up DAV at DocRoot, but it was a while ago and I don't have access to
    the machine right now, so I can't confirm exactly what was the problem (or
    how i resolved it).

    Just some thoughts... 

    -- 
Pete Nesbitt, rhce
-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
  • Next message: Juris Krumins: "Re: sample yum.conf for RH9?"

    Relevant Pages

    • Re: Secure an upload page
      ... given the high rate of probing with WebDAV verbs ... > The most secure way to do downloads might be to use NTFS file permissions, ... >> Need some advice on how to secure an upload page ... >> I have however added a user in the FP extensions but I ...
      (microsoft.public.inetserver.iis.security)
    • Re: How to enable HTTP PUT without WebDAV ?
      ... Will try something different to upload files. ... Or use ftp -- unless webdav blocks that aswell. ... > different instances of UrlScan installed as site filters, ... > unless all configurations are identical. ...
      (microsoft.public.inetserver.iis)
    • Re: Grundsatzfrage
      ... das Hochladen erfolgt über das WEB. ... Ich kann also WebDav nicht ... Was verstehst du denn jetzt genau unter "Upload von Dateien"? ...
      (microsoft.public.de.inetserver.iis)
    • II6 / Frontpage 2003 -Download von Dateien via Webdav - ein Sicherheitsproblem??
      ... Frontpage 2003 unterstützt den Upload von Dateien via Webdav. ... Sicherheit der Webpräsenz auswirken. ...
      (microsoft.public.de.inetserver.iis)
    • Re: Help with image display
      ... >I was able to upload the file to the "users" directory using Dreamweaver. ... >> I took the file and copied it to the root level. ... >>> When it is in the staging area, ... if I right click on the little square on my viewing page that is ...
      (comp.lang.php)