[Owncloud] Configuration for Lighttpd
Thomas Jost
schnouki at schnouki.net
Mon Oct 17 08:55:12 UTC 2011
On Sun, 16 Oct 2011 17:57:15 +0200, Xavier Venient <xavier at toutafon.org> wrote:
> Doesn't seem a good idea, as lighttpd does not support .htaccess files,
> and there's one in data/ that deny access in it.
>
> Now I can get your http://server/owncloud/data/owncloud.db file and
> browse and get files from /owncloud/data/user/.
>
> You'll need at least something like this in your lighttpd config file:
>
> server.modules += ( "mod_auth" )
> auth.backend = "htpasswd"
> auth.backend.htpasswd.userfile = "/etc/lighttpd/htpasswd"
> auth.require = ( "/owncloud/data/" => (
> "method" => "basic",
> "realm" => "private - owncloud data",
> "require" => "user=nousershouldaccessthis"
> )
> )
Hi,
Thanks for pointing that out -- I had ownCloud running without any sort
of access control and was happy it Just Worked™. However I think this is
quite a complicated way to deny access to the data/ folder. Here is what
I added to my config file:
$HTTP["url"] =~ "^/data/" { url.access-deny = ( "" ) }
(requires to load mod_access). Now everyong gets a 403 when trying to
access data/.
This should probably be added to the installation page on the website.
Regards,
--
Thomas/Schnouki
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 489 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/owncloud/attachments/20111017/032bb2cf/attachment.sig>
More information about the Owncloud
mailing list