Managing your Apache HTTP Web Server Content with mod_dav and mod_ftp William A. Rowe, Jr. ASF Member, httpd and APR projects Sr. Software Engineer, Covalent.

Presentation transcript:

Managing your Apache HTTP Web Server Content with mod_dav and mod_ftp William A. Rowe, Jr. ASF Member, httpd and APR projects Sr. Software Engineer, Covalent Technologies

The Choices: upload scripts; content management applications; ssh (scp) or nfs/samba filesystems; WebDAV (mod_dav); ftpd (strictly using ssl/tls), or mod_ftp.

Upload scripts: Mostly, they suck. Notorious (bugtraq / vuln-dev notoriety). Quite possibly ideal for narrow-focus, tightly controlled applications such as media, photos, web 2.0 updates etc.

CMS Applications: Single purposed (not a solution for a diverse author base). Deploy corresponding CMS server agent required by each of the authoring tools. As secure as the design paradigm.

ssh (scp): Secure (very). Requires 1:1 system accounts to web administrators. Keys strongly recommended over password access. One more service to administer.

nfs/samba: Requires 1:1 user:author accounts. On the locally deployed server – ideal. Sub-par solution for remotely co-located web server infrastructure. One more service to administer.

WebDAV / mod_dav: Does not require 1:1 users to authors. Easily secured with https: (ssl/tls). Short of ftp, the most widely deployed and flexible authoring solution (no lock-in!).

ftpd for Content: Requires 1:1 accounts per web admin (unless anonymous, which is the worse of two evils). Non-SSL security is worse than no security (packet sniffers, anyone?). One more service to administer.

ftp using mod_ftp + tls/ssl: Does -not- require 1:1 users / authors. All content is written with the ownership of the user which httpd is running as (same as mod_dav). Passwords and content are all secured on the wire with implicit or explicit ssl.

The Criteria: Single administrative solution. Secure / encrypted transactions (ssl/tls). Apache HTTP security context (httpd managed users, not system accounts).

The bottom line – our Authors: Lenya, Slide, Vignette & many more clients, including MS Web Folders and MS Office, all support WebDAV. More ancient clients will support ftp. Flexibility without frequent server-side installation churn.

The Solutions: mod_dav – the modern connector. mod_ftp – the legacy connector. Add mod_ssl – avoid plaintext over the wire for either protocol. Single security-context for content.

mod_dav_fs: mod_dav is simply a protocol. mod_dav_fs does the heavy 'filesystem' lifting of file content – and locking. You must leverage both modules! See conf/extra/httpd-dav.conf

mod_ftp: Here – but not yet here will keep you up to date with its first release http://httpd.apache.org/modules/ Not for the timid, but for the impatient:

Authorization Options: For few authors, mod_authz_username. For many, mod_authz_dbd/dbm/ldap help manage the users.

Permissions and Ownership: Apache defaults to User Nobody. For authoring, use a generally low-privilege account, e.g. “webauthor”. Must have read/write to the web contents.

More Secure Permissions: Consider two httpd instances, author and user instances, two separate Users. Short of 'perchild' MPM – these must be physical (IP-based) vhosts. (For SSL, they must be IP based vhosts anyways).

Trouble for Authors: GET is not GET, for authors. Options Includes, and Set/AddHandler. GET /doc.shtml produces the combined document – not what the author wants!

A real GET EITHER Create a, e.g. Create an Alias/, e.g.

GETting true files: In either case, SetHandler default-handler. This provides a true GET, but for ScriptAlias. Hint - don't use ScriptAlias.
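
An authoring virtual host along the lines of the slides above (separate IP-based vhost, https only, httpd-managed users, DAV with default-handler so GET returns the true file), given as an added example that is not from the original presentation. The host name, the address (a documentation address), the file paths and the realm name are assumptions.

```apache
# Added example, not from the original slides. Host name, address,
# file paths and realm name are assumptions; adjust to your layout.
# The httpd instance serving this vhost is assumed to run as a
# low-privilege authoring User with read/write on the content.

# mod_dav_fs lock database; its directory must be writable by that User.
DavLockDB "/var/lib/httpd-author/DavLock"

# IP-based vhost dedicated to authors, reachable only over https.
<VirtualHost 192.0.2.10:443>
    ServerName author.example.com
    DocumentRoot "/srv/www/htdocs"

    SSLEngine on
    SSLCertificateFile    "/etc/httpd/ssl/author.example.com.crt"
    SSLCertificateKeyFile "/etc/httpd/ssl/author.example.com.key"

    <Directory "/srv/www/htdocs">
        # mod_dav speaks the protocol, mod_dav_fs stores the files.
        Dav On

        # Authors must get the raw source back, so override any
        # SetHandler/AddHandler inherited from the public configuration
        # and switch off server-side includes and CGI for this vhost.
        SetHandler default-handler
        Options None

        # Uploaded .htaccess files must not be able to undo the above.
        AllowOverride None

        # httpd-managed users, no system accounts. Basic auth is
        # acceptable here only because the vhost is TLS-only.
        AuthType Basic
        AuthName "Content authoring"
        AuthUserFile "/etc/httpd/author.htpasswd"
        Require valid-user
    </Directory>
</VirtualHost>
```

Check the syntax with `httpd -t` against the authoring instance's configuration before restarting it.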

Trouble: Incompatibilities. Client incompatibility. Some hints are in httpd.conf, others are found in extra/httpd-dav.conf. Google is your friend; new releases mean newly incompatible behaviors.

considered harmful Two 's will not be aggregated! is not a proper container, it is for a limited subset of auth directives You may have only one But when you violate the rules – httpd is...

A surprise: Named hosts are looking at ServerName and ServerAlias. IP Based hosts are looking at port and number. When not matched, the content is served by the first vhost... so make it a stub.

Ports and Host Names: DAV is simply http/https – usual port 80/443. mod_ftp typically listens on 21 – or 990 for pure Implicit TLS. BUT – mod_ftp requires a second port!

Data Connections for FTP: Apache running as Nobody/Untrusted user can't use the default port 20 data!

Good References

Educational Links _of_FTP_clients

Contact and Followup: IRC help at irc.freenode.net #apache. Peer help at