security - Apache: how to protect mod_info output -


i use apache's mod_info display detailed information server setup.

httpd-vhosts.conf

# set path below handled mod_info. show server info.  # work, module must loaded (uncommented in httpd.conf) <location /special/path>    sethandler server-info    order allow,deny    allow 127.0.0.1 </location>

allow from set local machine because on dev machine.

this module allows me see tremendous amount of information navigating /special/path. i'd same benefit on production server, can see output remotely. means need make path publicly accessible of course keep info away prying eyes.

what's practical way protect output? i'm ok static password challenge long password not stored in clear (hashed ok) , not stored in publicly accessible location.

apache 2.4.16

to solve problem, used configuration:

# paths beginning /admin password protected # credentials /path/admin.htpasswd <location /admin>   authtype basic   authname "administrators"   authbasicprovider file   authuserfile "/path/admin.htpasswd"   require valid-user </location>  <ifmodule info_module>     <location /admin/server-info>         sethandler server-info     </location> </ifmodule>

the .htpasswd file contains 1 {username}:{hashed password} per line. eg:

linda:$apr1$hq20v6ox$ukfyont91i1bhcae0yj7b1 eric:$apr1$h4xruuns$hi61jts1nqogi/ehmnc0x0

i used password hash generator htaccesstools.com


-

Comments

Post a Comment

Popular posts from this blog

javascript - Thinglink image not visible until browser resize -

Image
i trying repurpose pre-existing theme, includes drop down menu displays image. trying embed thinglink drop down menu's content section, not visible until resize browser window. here menu looks like: then when clicked, can see empty space image should show: then when browser resized, image appears: this code content of menu: <div class="ajax_accordion_content" style="display: none;"> <div class="report-detail"> <table border="0" cellpadding="0" cellspacing="0" width="100%" class="table_basic"> <tbody> <!-- thinglink image embedded --> <img style="max-width: 100%;" src="http://cdn.thinglink.me/api/image/832705713204625409/1024/10/scaletowidth#tl-832705713204625409;1043138249'" class="alwaysthinglink"/> <script async charset="utf-8" src="http://cdn.thinglink.me/jse/embed.j...
Read more

firebird - Error "invalid transaction handle (expecting explicit transaction start)" executing script from Delphi -

i'm developing update app delphi 10. i'm running windows 7 64x, firebird 2.5.1.26351 32x. execution order: checks current version(select statement firebird database) downloads update(via ftp) apply it(.exe files, , execute .sql) error code -901 pops out when try execute .sql files. know there incompatibility issue w7 64x , fdb 32x, but, can everything: backup , restore(gbak), db commands(all). tried fdb 64x instead, , not working. code: //components fdwaitcursor: tfdguixwaitcursor; fddriverlink: tfdphysfbdriverlink; fdconnection:tfdconnection; fdscript: tfdscript; function tthr_script.createcomponents:boolean; begin try fddriverlink := tfdphysfbdriverlink.create(fddriverlink); fdwaitcursor := tfdguixwaitcursor.create(fdwaitcursor); fdconnection := tfdconnection.create(fdconnection); fdconnection begin drivername := 'fb'; params.username := thrbanco.bduser; params.password := thrbanco.bdpass; params.database := ...
Read more

Sound is not coming out while implementing Text-to-speech in Android activity -

i using texttospeak in 1 of app. while adding speech string texttospeech object instance, doesn't produce sound. though not getting error in log still sound not coming out. want device speak value of textview gets set resultmsg.settext() method. public class resultactivity extends activity { @override protected void oncreate(bundle savedinstancestate){ ............ resultmsg.settext(resultmsg_str); texttospeech = new texttospeech(getapplicationcontext(),newtexttospeech.oninitlistener(){ @override public void oninit(int status) { system.out.println("txt speech status = "+status); system.out.println("txt speech error status = "+texttospeech.error); system.out.println("txt speech success status = "+texttospeech.success); if(status == texttospeech.success){ texttospeech.setlanguage(locale.english); ...
Read more