gnu-arch-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Gnu-arch-users] Re: webdav take 1 (digest version)

From: Eric S. Johansson
Subject: [Gnu-arch-users] Re: webdav take 1 (digest version)
Date: Mon, 12 Apr 2004 11:05:43 -0400
User-agent: Mozilla Thunderbird 0.5 (Windows/20040207) 
Eric S. Johansson wrote:
played around with it a bit this weekend and this morning. Here's what I have, collected from a few notes on the net plus my own experimentation: 

btw, tested with cadaver.  makes webdave look like ftp.

here is potential digest auth changes.


# The top level DAV directory
# Here we turn DAV on, allow web browser access, and enable only read
# operations. The application realm name can be called anything that pertains to your application.. 

# many of the configuration recipes did not have the combination of
# an alias and directory.  Obvious in hindsight but I will try to
# be the last person to point fingers.

Alias /test /var/webdav/test

<Directory "/var/webdav/test">

# access/authorization.  Have not had a chance to play with digest
# mode yet.  That is next on the list.
# one note, many folks put this access control configuration inside of
# .htaccess and it's probably reasonable in a system which
# is ministered by someone other than you.  We should probably to
# improve this recipe to deny all access to .htaccess to minimize
# the chances of being overridden.

  AllowOverride None


  AuthType Digest
  AuthName "privaloo"
  AuthDigestDomain /test
  AuthDigestFile /var/webdav/users-digest



  DAV On
  Order allow,deny

# I think I have one more allow them is truly necessary.  The second
# item 1 experimentation list.  The options for indices and follow
# symlinks are useful if you want to provide ordinary HTTP access to
# this segment of the file system

  Allow from all
  Options Indexes FollowSymLinks

# what to allow and when.  the only variation I can suggest for this
# is to add a require valid-user in order to restrict read access
# as well
    <Limit HEAD GET POST OPTIONS PROPFIND>
        Allow from all
    </Limit>
    <Limit MKCOL PUT DELETE LOCK UNLOCK COPY MOVE PROPPATCH>
       Allow from all
      require valid-user
    </Limit>

</Directory>
reply via email to
[Prev in Thread] Current Thread [Next in Thread]