How to protect directory var/www in debian? Post: 302739033

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

create a ~/www directory?

Hey, How do I create a ~/www directory in Linux. I want to make a web space for a few perl scripts I need to test. I have an account on a Linux server and I am telnetting to the account from a windows 2000 machine. How can I actually make a virtual directory? I know by creating a www...

2. UNIX for Advanced & Expert Users

resize /var/www (debian)

I have several live websites running in the /var/www/XXXX directory. Initially when I did the Debian install I limited the web directory to 6GB. I am now outgrowing that limit. Question is: Is there a simple way to add space to the web directory??? I'd hate to have to redo the whole...

3. Web Development

var/www/html permissions

Hi, first post. I have no Linux experience. I have an e-friend that set me up a VPS and my website with Apache and FTP access so I could upload my files the way I do it regularly with my shared hosting. The OS in the VPS is Fedora by the way. Now the thing is: http ://www.mydomain.com presents...

4. UNIX for Dummies Questions & Answers

Permissions of the folder var/www

what should be the permissions of the folder var/www in my ubuntu ? I need it to be safe and at the same time I need ftp users to be able to edit it. I was wondering if I should create a group with all permissions and add ftp users to this group in unix. what's the standard way to do it ?...

5. Ubuntu

problem with /var/mail directory

Hi, There is no "administrator" file in "/var/mail" directory........ can any one tell me what could be the reason for that?...and also how to resolve that??? Thanks, ~Kavi

6. SuSE

Suse 8 /var Directory

Hi there, I'm working on a Suse 8 based system and picked up that the crontab was missing. after some investigation i realized that the hole /var directory is missing. :mad: I would like to now if its common for this directory to go missing? Can I copy another Suse 8 /var directory to this...

7. Debian

Help request. FTP user to var/www/html

Hi all. I appologise this is my first post, I will gladly have a further look around to see if this has been posted elsewhere, but so far it has not, or it doesnt quite explain in full what I need. If anyone here can help me out, I would really appreciate this. I want to make sure I do this...

8. HP-UX

Unidentified File on /var Directory

Hi All, I'm having problem with /var directory which is keep increasing. Here's the output of bdf and du command # uname -a HP-UX rppmis1 B.11.11 U 9000/800 1153414645 unlimited-user license # bdf /var Filesystem kbytes used avail %used Mounted on /dev/vg00/lvol8 ...

9. Web Development

$_SERVER['DOCUMENT_ROOT'] directs to /var/www not ~/public_html

Hi all, Exactly like my title says. I am learning PHP and MySQL and I used to use /var/www/ to host (contain or store) my files (.htm/.php) for testing. I could configure, finally, apache2 to use ~/public_html instead. Now I when I tried to use $_SERVER it still directs (I used echo to show...

LEARN ABOUT OPENSOLARIS

upsset.conf

UPSSET.CONF(5)							    NUT Manual							    UPSSET.CONF(5)

NAME

       upsset.conf - Configuration for Network UPS Tools upsset.cgi

DESCRIPTION

       This file only does one job--it lets you convince upsset.cgi(8) that your system's CGI directory is secure. The program will not run until
       this file has been properly defined.

SECURITY REQUIREMENTS

       upsset.cgi(8) allows you to try login name and password combinations. There is no rate limiting, as the program shuts down between every
       request. Such is the nature of CGI programs.

       Normally, attackers would not be able to access your upsd(8) server directly as it would be protected by the LISTEN directives in your
       upsd.conf(5) file, tcp-wrappers (if available when NUT was built), and hopefully local firewall settings in your OS.

       upsset runs on your web server, so upsd will see it as a connection from a host on an internal network. It doesn't know that the connection
       is actually coming from someone on the outside. This is why you must secure it.

       On Apache, you can use the .htaccess file or put the directives in your httpd.conf. It looks something like this, assuming the .htaccess
       method:

	   <Files upsset.cgi>
	   deny from all
	   allow from your.network.addresses
	   </Files>

       You will probably have to set "AllowOverride Limit" for this directory in your server-level configuration file as well.

       If this doesn't make sense, then stop reading and leave this program alone. It's not something you absolutely need to have anyway.

       Assuming you have all this done, and it actually works (test it!), then you may add the following directive to this file:

	   I_HAVE_SECURED_MY_CGI_DIRECTORY

       If you lie to the program and someone beats on your upsd through your web server, don't blame me.

SEE ALSO

       upsset.cgi(8)

   Internet resources:
       The NUT (Network UPS Tools) home page: http://www.networkupstools.org/

Network UPS Tools						    05/22/2012							    UPSSET.CONF(5)