[PLUG] Directory accessible to http request

Brian Horan bhoran at hexdev.com
Fri Apr 5 17:27:24 UTC 2002


ooooh...

I see a number of issues with this config....
1)	Your cdrom should not be accessable via apache.....
2)	same as number 1
3)	The Alias I was referring to is an Apache directive (in httpd.conf)...not 
the shell alias...under the section <IfModule mod_alias.c>
4)	It looks like you are running RatHed (or redhat -- as you may call it) 
...and it looks like you have a tarball (.tgz or .tar.gz) on the CDROM .. I 
guess IPcop is a full linux install....from what I read at their site....this 
is a full operating system and is not a program....simply a slimmed down 
Linux distro with firewall utilities....it seems that if you want to use it, 
that you should install IPcop on that machine rather than the existing Linux 
install......

If you are looking for a firewall, redhat has various tools for doing this 
that would waste alot less of your time....ipfw of ipchains or something like 
that....I would also recommend installing software from source code, once you 
are comfortable with compiling, etc...

Some things to think about are as follows:
-)remove unnecessary programs and other things from your firewall box.
-)perhaps look into the possibility of using FreeBSD as a firewall....FreeBSD 
(IMHO) has easier kernel configuration and makes a better firewall....there 
is tons of info regarding this on the web.
-)You may be able to do your firewalling with routers/switches, etc depending 
upon your network connectivity....if you need/want a web interface, I can 
write you a small, secure webserver that can give you stats, and help you 
configure the firewall without the overhead of a FULL apache install....
-)firewall configuration should NOT be accesable from outside your network...
because if you can do it, so can someone else....the magic acronym is ACL....
Access Control List....

If you need help with any of this stuff, please feel free to email me 
off-list...bhoran at hexdev.com

sorry about the verbose rant...

-Brian



On Friday 05 April 2002 11:38 am, you wrote:
> On Friday 05 April 2002 08:25 am, you wrote:
> > you can use the <Directory "/absolute/path/to/directory">
> > directives....and make an alias:
> > if you have mod_alias installed as follows:
> > Alias /IPcop/ "/absolute/path/to/ipcop/directory/"
> >
> > to find out what apache modules you have loaded, simply run the httpd
> > executable with a -l argument:
> > /www/bin/httpd -l
> >
> > you may want to limit access to this directory by only allowing traffic
> > from your local network....
> >
> > I'm not very familiar with IPcop....it looks to me as though IPcop is a
> > full linux install, though.....and should do everything you need more or
> > less out of the box....
> >
> >
> > hope this helps....
> > -Brian
>
> t]# ls -la /mnt/cdrom
> total 21433
> dr-xr-xr-x    1 root     root         2048 Jan 16 13:56 ./
> drwxr-x---    7 root     adm          4096 Feb 22 08:16 ../
> dr-xr-xr-x    1 root     root         2048 Jan 16 13:55 bin/
> dr-xr-xr-x    1 root     root         2048 Jan 16 13:56 boot/
> -r-xr-xr-x    1 root     root        17992 Jan 16 13:42 COPYING*
> dr-xr-xr-x    1 root     root         2048 Jan 16 13:42 doc/
> dr-xr-xr-x    1 root     root         2048 Jan 16 13:42 dosutils/
> dr-xr-xr-x    1 root     root         2048 Jan 16 13:56 images/
> -r-xr-xr-x    1 root     root     21908832 Jan 16 13:42 ipcop.tgz*
> dr-xr-xr-x    1 root     root         2048 Jan 16 13:42 lib/
> -r-xr-xr-x    1 root     root         1423 Jan 16 13:42 README.txt*
> [root at My root]# alias /mnt/cdrom  /home/uploads
> bash: alias: `/mnt/cdrom' not found
> bash: alias: `/home/uploads' not found
> [root at My root]#
>
>
> I'm using the /home/uploads as the directory and ipcop-0.1.1 is in
> /mnt/cdrom. Is this what you had in mind? Forgive my ADD/HD.
> Dirk
>
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug

-- 
Brian Horan
bhoran at hexdev.com




More information about the PLUG mailing list