I followed these instructions on FC4 + Apache 2.x and it didn't work. I
get prompted for a password, but it doesn't accept it. I repeated
several times, but it didn't work. Here is what I did:
# htpasswd -c /usr/local/sbin/httpd-passwords MYUSER
# chown apache.apache /usr/local/sbin/httpd-passwords
# chmod 640 /usr/local/sbin/httpd-passwords
# vi /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/mythweb">
Options Indexes FollowSymLinks
AuthType Basic
AuthName "MythTV"
AuthUserFile /usr/local/sbin/httpd-passwords
Require MYUSER
Order allow,deny
Allow from all
</Directory>
# service httpd restart
Any thoughts?
Frank Lynch wrote:
On 9/1/05, Justin Hornsby <[EMAIL PROTECTED]> wrote:
Frank Lynch wrote:
Hi Folks,
I'm really starting to like my MythTV box, this is a great project!
In case its relevant I'm running myth 18.1 on Fedora Core 4.
I'd like to be able to access mythweb from the public Internet (so
that I can schedule recordings when I'm not at home etc..). With this
in mind I cretaed an account with dyndns.org, and configured port
forwarding on my router.
I'm guessing that my next step should be to harden my Apache
configuration? should I enable https? are there any other precautions
that I should be taking? The last thing I want is some dirty hacker
having their evil-way with my mythbox!
If this covered in a howto or some other doc I'd appreciate a pointer.
I searched, but I couldn't find anything that covers this specific
topic... I saw the article on tunnelling through ssh[1], but I'd
rather have a solution that my wife could use (she can certainly use a
https site with a user name/password, but its a bit much to ask her to
tunnel over ssh).
thanks,
--Frank
I use just standard apache2 - no https... but the password is apparently
random chars, so no script kid is gonna get to it without really trying
hard.
You can change the port apache runs on, but then that might make
accessing it from work a problem (depending on your workplace's
proxy/firewall etc).
I get the occasional hack attempt, but so far the worst that has
happenned is a DoS (ping of death?) attack which crashed my router.
I'm sure there will be people who'll say what I'm doing isn't secure
enough, and I agree it's not the most secure way to do things - but it
works for me, and has done for a long time. I know the risks...
I look in the logs every week, and from what I've seen in there the
majority of accesses from random IP addresses seem to just be
botnets/kids looking for easy exploits.
It'll be interesting to see what everyone else does though ;-)
Justin.
Thanks Justin, I just found a howto on this:
http://www.mythtv.info/moin.cgi/SecuringMythWebHowTo?action=highlight&value=CategoryHowTo
It sounds like a very similar approach to yours... I think I'll give
this a try tonight.
cheers,
--Frank
_______________________________________________
mythtv-users mailing list
[email protected]
http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users
_______________________________________________
mythtv-users mailing list
[email protected]
http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users
