On Fri, Jul 3, 2009 at 7:49 PM, Lisa Kachold wrote: > Verify your server will allow .htaccess file overrides: > > # locate httpd.conf > # vi /etc/httpd/conf/httpd.conf (or whereever it is) > > Directory configuration in httpd.conf> Well I found the file (just one) but it's zero bytes...? > 1) Directory > Find your section with the tag and add "AllowOverride All" > > > Options FollowSymLinks > AllowOverride All > > > > Refs: http://httpd.apache.org/docs/1.3/mod/core.html#allowoverride > > http://www.sitedeveloper.ws/tutorials/htaccess.htm OK, done, about to reboot...but first... > 2) Security > > Should be fine, but check out this post: > > http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/ Ah. 'Kay, just for starters I added: --- # secure htaccess file order allow,deny deny from all --- ALSO: should I assume that an .htaccess file at /var/www will also control access to, say, /var/www/events? THANKS! Jim > 3) Restart > > # apachectl restart > > On Fri, Jul 3, 2009 at 7:12 PM, Jim March <1.jim.march@gmail.com> wrote: >> >> Sigh.  OK, I've got all the IP/router stuff done.  Kewl.  Now to give >> it some password security! >> >> First thing I tried was the security settings within Zoneminder. >> Looked good, got to where login was needed for user "admin" on a >> password I set, cool, except couldn't see any images anymore - local >> or remote.  Checked the security restrictions on user "admin", it's >> supposed to have all possible rights per the ZM management screens. >> WTF?  Turn off login security in ZM and sure enough, I can see my >> cameras again. >> >> God.  Dammit. >> >> Well by now I'm convinced that ZM is buggier than an ant farm anyways, >> so to heck with it, this thing is running Apache, I oughta be able to >> control it there, right? >> >> Heh. >> >> I ask about it on TFUG and Matt was kind enough to provide a link to a >> decent-looking tutorial on Apache security: >> >> On Fri, Jul 3, 2009 at 4:57 PM, Matt Jacob wrote: >> > If you're running Apache as your web server, it's fairly trivial to >> > set up HTTP Basic Authentication: >> > >> > http://httpd.apache.org/docs/2.2/howto/auth.html >> > >> > Matt >> >> Ehhhh...it ain't working. >> >> Hmmmm.  So let's go over what I did, see if I blew it?  (Given I've >> never run the back-end to a website EVER, not unlikely...) >> >> OK, here's exactly what I did: >> >> 1) I figured out where my web-stuff was sitting (including index.html): >> /var/www >> >> 2) I put a file there name of .htaccess containing: >> >> --- >> AuthType Basic >> AuthName "Restricted Files" >> # (Following line optional) >> AuthBasicProvider file >> AuthUserFile /usr/local/apache/passwd/passwords >> Require user zmuser >> --- >> >> 3) I made sure the directory /usr/local/apache/passwd/passwords >> existed with everybody-can-read-it permissions (only root can write). >> >> 4) I ran the command: >> >> sudo htpasswd -c /usr/local/apache/passwd/passwords zmuser >> >> ...and gave it a password DIFFERENT from the user login password (user >> is logging into XUbuntu as zmuser and passwords are NOT default). >> >> And...shouldn't that have done it?  Yet it acts like there's still no >> security at all. >> >> There's directories under /var/www that contain data being served - >> should I copy that .htaccess file down into them? >> >> Note that I don't need separate user access levels for multiple >> users...there's just the shop owner going to use this. >> >> Thanks! >> >> Jim >> --------------------------------------------------- >> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us >> To subscribe, unsubscribe, or to change your mail settings: >> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > > > -- > (503)754-4452 wiki.obnosis.com > scientology.obnosis.com > > > > > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss