Do, or do not. There is no ‘try’

Archive for August 29th, 2007

Disabling users from publishing web contents

The default Apache installation in Debian permits users to publish content under $HOME/public_html. This content can be retrieved remotely using a URL such as: http://your_apache_server/~user.

If you do not want to permit this, you must edit the /etc/apache/httpd.conf configuration file and (in Apache 1.3) comment out the following module:

LoadModule userdir_module /usr/lib/apache/1.3/mod_userdir.so

If you are using Apache 2.0 you must remove the file /etc/apache2/mods-enabled/userdir.load or restrict the default configuration by modifying /etc/apache2/mods-enabled/userdir.conf.

However, if the module was linked statically (you can list the compiled-in modules by running apache -l), you must add the following to the Apache configuration file:

Userdir disabled

An attacker might still enumerate users, since the web server will answer with a 403 Permission Denied rather than a 404 Not available. You can avoid this by using the Rewrite module.
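
The checks described above can be combined into one audit function. This is an added example, not part of the original post: userdir_status is a hypothetical helper name, the file layout is assumed to be the Debian one named in the text, and the second argument is the output of apache -l (or apache2 -l) passed in as a string.

```shell
#!/bin/sh
# Added example (not from the original post); userdir_status is a hypothetical name.
# usage:  userdir_status <config-root> "<output of 'apache2 -l'>"
# prints: not-loaded | disabled | enabled-dynamic | enabled-static
userdir_status() {
    root=$1
    compiled=$2

    # Only files Apache actually reads: main config plus the *-enabled dirs.
    # mods-available is skipped on purpose, it also holds inactive modules.
    set -- "$root"/apache2.conf "$root"/httpd.conf "$root"/conf.d/* \
           "$root"/mods-enabled/*.load "$root"/mods-enabled/*.conf \
           "$root"/sites-enabled/*

    static=no
    dynamic=no
    # Statically linked modules appear as mod_userdir.c in the -l listing.
    case $compiled in *mod_userdir.c*) static=yes ;; esac
    # An uncommented LoadModule line (userdir.load or the main config file).
    if grep -qsiE '^[[:space:]]*LoadModule[[:space:]]+userdir_module' "$@"; then
        dynamic=yes
    fi

    if [ "$static" = no ] && [ "$dynamic" = no ]; then
        echo not-loaded
        return 0
    fi
    # A bare "UserDir disabled" switches translation off globally.
    # "UserDir disabled root" only names users and does not count.
    # Simplification: "UserDir enabled <user>" exceptions are not evaluated.
    if grep -qsiE '^[[:space:]]*UserDir[[:space:]]+disabled[[:space:]]*$' "$@"; then
        echo disabled
        return 0
    fi
    [ "$static" = yes ] && echo enabled-static || echo enabled-dynamic
}
```

On a live system it would be called as userdir_status /etc/apache2 "$(apache2 -l)"; any result starting with enabled- means ~user URLs are still being translated.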

Enable way

Enable Apache modules under Debian-based systems

2. Adding modules:

Now, taking into account the structure of Apache, it is pretty easy to add modules to be loaded by Apache. Let’s assume that you want to add the mime_magic module. To do so, you can either:

* add it by hand:

$ cd /etc/apache2/mods-enabled
$ sudo ln -s ../mods-available/mime_magic.conf mime_magic.conf
$ sudo ln -s ../mods-available/mime_magic.load mime_magic.load

OR

* add it the Debian way with a2enmod:

$ sudo a2enmod
Which module would you like to enable?
Your choices are: actions asis auth_anon auth_dbm auth_digest auth_ldap cache cern_meta cgid cgi dav_fs dav deflate disk_cache expires ext_filter file_cache headers imap include info ldap mem_cache mime_magic php5 proxy_connect proxy_ftp proxy_http proxy rewrite speling ssl suexec unique_id userdir usertrack vhost_alias
Module name? mime_magic
Module mime_magic installed; run /etc/init.d/apache2 force-reload to enable.

That’s it: your module will now be loaded the next time you start Apache. You can actually avoid restarting Apache by asking it to simply reload its configuration:

$ sudo /etc/init.d/apache2 reload

And here you go, your newly added module is included in Apache.
