On Sun, 16 Oct 2011 17:57:15 +0200, Xavier Venient <[email protected]> wrote: > Doesn't seem a good idea, as lighttpd does not support .htaccess files, > and there's one in data/ that deny access in it. > > Now I can get your http://server/owncloud/data/owncloud.db file and > browse and get files from /owncloud/data/user/. > > You'll need at least something like this in your lighttpd config file: > > server.modules += ( "mod_auth" ) > auth.backend = "htpasswd" > auth.backend.htpasswd.userfile = "/etc/lighttpd/htpasswd" > auth.require = ( "/owncloud/data/" => ( > "method" => "basic", > "realm" => "private - owncloud data", > "require" => "user=nousershouldaccessthis" > ) > )
Hi,
Thanks for pointing that out -- I had ownCloud running without any sort
of access control and was happy it Just Worked™. However I think this is
quite a complicated way to deny access to the data/ folder. Here is what
I added to my config file:
$HTTP["url"] =~ "^/data/" { url.access-deny = ( "" ) }
(requires to load mod_access). Now everyong gets a 403 when trying to
access data/.
This should probably be added to the installation page on the website.
Regards,
--
Thomas/Schnouki
pgpZfSti5pwvA.pgp
Description: PGP signature
_______________________________________________ Owncloud mailing list [email protected] https://mail.kde.org/mailman/listinfo/owncloud
