[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How do I secure Apache Alias and ScriptAlias directives?

Subject: Re: How do I secure Apache Alias and ScriptAlias directives?
From: Dan Shoop <email@hidden>
Date: Wed, 31 Jan 2007 16:19:23 -0500
Delivered-to: email@hidden
Delivered-to: email@hidden

At 1:31 PM -0500 1/31/07, Tim Rodgers wrote:

Hi, everyone,
I'm not an admin and I appreciate your help.
Our server (10.4.8) is open to the Internet and we run SSL for secure HTTP and IMAP access for people with user accounts on the server. https requests are directed to /Library/WebServer/Secure. We're a virtual company so all server access happens over the Internet.

I've installed moinmoin (Wiki) which I need to make available only to our user accounts so I want to put it behind https requests. Aside from security problems, moinmoin is working very nicely.

Moinmoin gets installed in, for example, /usr/local/share. For Apache to reach it, I've added two lines like these to the mod_alias section of httpd.conf:
    Alias /wiki/ "/usr/local/share/moin/htdocs/"
    ScriptAlias /mywiki "/usr/local/share/moin/mywiki/moin.cgi"
Now the Wiki is reachable at www.myserver.com/mywiki. Because these aliases are defined in httpd.conf, in the plain old mod_alias section, the Wiki can be reached by either http or https requests and I can't allow that.


This is the wrong place for defining things in OS X Server.

The default "server" defined in httpd.conf is not a server that's generally used. (It's actually really defined for servver-status.) Instead you normally create virtual hosts (preferably using Server Admin, and then can use that to create restrictions based on users and/or groups.

I'd suggest you read the OS X Server docs, create a virtual host for this domain, point it to your directory (which I'd recommend *not* be in /usr at all but someplace like /www or /htdocs) and then restrict it to a realm.

I've tried nesting <IfModule mod_ssl.c> inside <IfModule mod_alias.c> but that didn't work after an 'apachectl graceful'.

I'm not sure nesting like this works. Normallhy there'd be no need for this anyway. --

-dhan

------------------------------------------------------------------------
Dan Shoop                                                   AIM: iWiring
Systems & Networks Architect                      http://www.ustsvs.com/
email@hidden                                http://www.iwiring.net/
1-714-363-1174

"The wise man doesn't give the right answers, he poses the right
questions." -- Claude Levi-Strauss

------------------------------------------------------------------------

iWiring provides systems and networks support for Mac OS X, unix, and
Open Source application technologies at affordable rates.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden

This email sent to email@hidden

References:
	>How do I secure Apache Alias and ScriptAlias directives? (From: Tim Rodgers <email@hidden>)

Prev by Date: Re: Tape Based Backup
Next by Date: Re: mailman move
Previous by thread: Re: How do I secure Apache Alias and ScriptAlias directives?
Next by thread: Tomcat on Mac OS X server: requested resource not available?
Index(es):
- Date
- Thread

Home