WEBSERVER(1) mrtg WEBSERVER(1)NAME
webserver - hints for web server configuration
SYNOPSIS
If you want people to actually see the results of your network monitoring efforts you will need a webserver.
This document lists some configuration hints for webservers. Contributions welcome.
APACHE
Configuring mod_expire
A big issue with mrtg monitoring data is the expiery time. All these nice graphs you can create are only valid for a short time. If you
do not take special action some webbrowsers will not notice this and you may end up with people seeing old data because of caching issues.
The apache module mod_expire allows you to setup special expiery properties for individual file.
Here is an example for how this may look for an mrtg web directory. The configuration directives can be stored into a .htaccess file.
############################################################
# Example .htaccess for use with apache-1.2 and mod_expire.
# (mod_expire come with apache-1.2 but you have to explicitly
# activate it when compiling the httpd ...)
#############################################################
#
<Files "*-day.png">
ExpiresActive On # enable expirations
# five minutes
ExpiresDefault M300
</Files>
<Files "*-week.png">
ExpiresActive On
ExpiresDefault M1800
</Files>
<Files "*-month.png">
ExpiresActive On
ExpiresDefault M7200
</Files>
<Files "*-year.png">
ExpiresActive On
ExpiresDefault M86400
</Files>
<Files "*.html">
ExpiresActive On
ExpiresDefault M300
</Files>
# index.html is not automatically generated
<Files "index.html">
ExpiresActive Off
</Files>
AUTHOR
Unknown
3rd Berkeley Distribution 2.9.17 WEBSERVER(1)
Check Out this Related Man Page
UPSSET.CONF(5) NUT Manual UPSSET.CONF(5)NAME
upsset.conf - Configuration for Network UPS Tools upsset.cgi
DESCRIPTION
This file only does one job--it lets you convince upsset.cgi(8) that your system's CGI directory is secure. The program will not run until
this file has been properly defined.
SECURITY REQUIREMENTS upsset.cgi(8) allows you to try login name and password combinations. There is no rate limiting, as the program shuts down between every
request. Such is the nature of CGI programs.
Normally, attackers would not be able to access your upsd(8) server directly as it would be protected by the LISTEN directives in your
upsd.conf(5) file, tcp-wrappers (if available when NUT was built), and hopefully local firewall settings in your OS.
upsset runs on your web server, so upsd will see it as a connection from a host on an internal network. It doesn't know that the connection
is actually coming from someone on the outside. This is why you must secure it.
On Apache, you can use the .htaccess file or put the directives in your httpd.conf. It looks something like this, assuming the .htaccess
method:
<Files upsset.cgi>
deny from all
allow from your.network.addresses
</Files>
You will probably have to set "AllowOverride Limit" for this directory in your server-level configuration file as well.
If this doesn't make sense, then stop reading and leave this program alone. It's not something you absolutely need to have anyway.
Assuming you have all this done, and it actually works (test it!), then you may add the following directive to this file:
I_HAVE_SECURED_MY_CGI_DIRECTORY
If you lie to the program and someone beats on your upsd through your web server, don't blame me.
SEE ALSO upsset.cgi(8)
Internet resources:
The NUT (Network UPS Tools) home page: http://www.networkupstools.org/
Network UPS Tools 05/22/2012 UPSSET.CONF(5)