[mythtv-users] safely exposing mythweb to the net.

Zak onlydarksets at mahshie.net
Fri Sep 2 00:39:12 UTC 2005


I followed these instructions on FC4 + Apache 2.x and it didn't work.  I 
get prompted for a password, but it doesn't accept it.  I repeated 
several times, but it didn't work.  Here is what I did:

# htpasswd -c /usr/local/sbin/httpd-passwords MYUSER
# chown apache.apache /usr/local/sbin/httpd-passwords
# chmod 640 /usr/local/sbin/httpd-passwords
# vi /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/mythweb">
    Options Indexes FollowSymLinks
    AuthType Basic
    AuthName "MythTV"
    AuthUserFile /usr/local/sbin/httpd-passwords
    Require MYUSER
    Order allow,deny
    Allow from all
</Directory>
# service httpd restart

Any thoughts?


Frank Lynch wrote:

>On 9/1/05, Justin Hornsby <justin.hornsby2 at ntlworld.com> wrote:
>  
>
>>Frank Lynch wrote:
>>    
>>
>>>Hi Folks,
>>>I'm really starting to like my MythTV box, this is a great project!
>>>In case it's relevant I'm running myth 18.1 on Fedora Core 4.
>>>
>>>I'd like to be able to access mythweb from the public Internet (so
>>>that I can schedule recordings when I'm not at home etc..). With this
>>>in mind I created an account with dyndns.org, and configured port
>>>forwarding on my router.
>>>
>>>I'm guessing that my next step should be to harden my Apache
>>>configuration? should I enable https? are there any other precautions
>>>that I should be taking? The last thing I want is some dirty hacker
>>>having their evil-way with my mythbox!
>>>
>>>If this is covered in a howto or some other doc I'd appreciate a pointer.
>>>I searched, but I couldn't find anything that covers this specific
>>>topic... I saw the article on tunnelling through ssh[1], but I'd
>>>rather have a solution that my wife could use (she can certainly use a
>>>https site with a user name/password, but it's a bit much to ask her to
>>>tunnel over ssh).
>>>
>>>thanks,
>>>--Frank
>>>      
>>>
>>I use just standard apache2 - no https... but the password is apparently
>>random chars, so no script kid is gonna get to it without really trying
>>hard.
>>
>>You can change the port apache runs on, but then that might make
>>accessing it from work a problem (depending on your workplace's
>>proxy/firewall etc).
>>
>>I get the occasional hack attempt, but so far the worst that has
>>happened is a DoS (ping of death?) attack which crashed my router.
>>
>>I'm sure there will be people who'll say what I'm doing isn't secure
>>enough, and I agree it's not the most secure way to do things - but it
>>works for me, and has done for a long time.  I know the risks...
>>
>>I look in the logs every week, and from what I've seen in there the
>>majority of accesses from random IP addresses seem to just be
>>botnets/kids looking for easy exploits.
>>
>>It'll be interesting to see what everyone else does though ;-)
>>
>>Justin.
>>    
>>
>
>Thanks Justin, I just found a howto on this:
>http://www.mythtv.info/moin.cgi/SecuringMythWebHowTo?action=highlight&value=CategoryHowTo
>It sounds like a very similar approach to yours... I think I'll give
>this a try tonight.
>cheers,
>--Frank
>  
>
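
An added example, not part of the original thread: a small Python check that reads a password-protected <Directory> block like the one posted above and reports auth directives Apache 2.0 will not honour as written. The helper names are hypothetical, the list of Require types is the stock user/group/valid-user set, and the HTTPS check assumes SSLRequireSSL would be set inside the block itself rather than enforced elsewhere.

```python
# Requirement types accepted by Apache 2.0's stock auth modules.
REQUIRE_TYPES = {"user", "group", "valid-user"}

# The <Directory> block from the message above, embedded as sample input.
POSTED = """\
<Directory "/var/www/html/mythweb">
    Options Indexes FollowSymLinks
    AuthType Basic
    AuthName "MythTV"
    AuthUserFile /usr/local/sbin/httpd-passwords
    Require MYUSER
    Order allow,deny
    Allow from all
</Directory>
"""

def parse_directives(block):
    """Return (lowercased name, argument string) pairs; skip tags and comments."""
    pairs = []
    for raw in block.splitlines():
        line = raw.strip()
        if not line or line[0] in "#<":
            continue
        parts = line.split(None, 1)
        pairs.append((parts[0].lower(), parts[1] if len(parts) > 1 else ""))
    return pairs

def lint_auth(block):
    """Return findings for a password-protected block (hypothetical helper)."""
    pairs = parse_directives(block)
    names = {name for name, _ in pairs}
    findings = []
    for name, args in pairs:
        if name != "require":
            continue
        words = args.split()
        kind = words[0].lower() if words else ""
        if kind not in REQUIRE_TYPES:
            findings.append("Require %r: first word must be user, group or valid-user" % args)
        elif kind != "valid-user" and len(words) < 2:
            findings.append("Require %r: no names listed" % args)
    if any(n == "authtype" and a.lower() == "basic" for n, a in pairs):
        if "authuserfile" not in names:
            findings.append("AuthType Basic without AuthUserFile")
        if "sslrequiressl" not in names:
            findings.append("no SSLRequireSSL: nothing in this block forces HTTPS for the Basic password")
    return findings

if __name__ == "__main__":
    for finding in lint_auth(POSTED):
        print("WARN:", finding)
```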

