LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-10-2006, 10:29 AM   #1
ALInux
Member
 
Registered: Nov 2003
Location: Lebanon
Distribution: RHEL 5/CentOS 5/Debian Lenny/(K)Ubuntu Is Dead/Mandriva 10.1
Posts: 670
Blog Entries: 7

Rep: Reputation: 31
Password Protect Web Dir


Hi
Ive got NTOP running on port 5000, but Ive also allowed access through the public interface "Since I wana check out on ntop while on being at the office". I want to password protect entry to the ntop page which is http://myip:5000 . I know how to do that if I had an ntop dir in the www dir. But I dont know how to do it if the address is based upon a port number. Any hints please.

Thx for your suggestions
 
Old 08-10-2006, 11:33 AM   #2
isuck@linux
Member
 
Registered: Jun 2006
Distribution: messed up debian
Posts: 250

Rep: Reputation: 30
What if you create an alias in httpd.conf and just put an .htaccess in there?
 
Old 08-10-2006, 01:11 PM   #3
ALInux
Member
 
Registered: Nov 2003
Location: Lebanon
Distribution: RHEL 5/CentOS 5/Debian Lenny/(K)Ubuntu Is Dead/Mandriva 10.1
Posts: 670

Original Poster
Blog Entries: 7

Rep: Reputation: 31
you mean in the ntop directory ?
 
Old 08-10-2006, 01:28 PM   #4
Super7
Member
 
Registered: Mar 2006
Location: Oakville
Distribution: Mandrake
Posts: 37

Rep: Reputation: 15
yes

thats what he most likely means. create a .htaccess file in that directory.

http://httpd.apache.org/docs/1.3/howto/htaccess.html
 
Old 08-10-2006, 01:45 PM   #5
isuck@linux
Member
 
Registered: Jun 2006
Distribution: messed up debian
Posts: 250

Rep: Reputation: 30
Yes, I don't know if you use Apache but there is a module calles mod_proxy I believe, in there you can do something like
ProxyPas /ntop/ htttp://localhost:ntopport
and use a Directory estructure like
<Directory>
Allowoverride AuthConfig Limit
</directory>

in your httpd.conf

then just add your .htaccess file something like

AuthName "whatever"
AuthUserFile /security/users
AuthGroupFile /dev/null
AuthType Basic
<limit get put post>
order deny,allo
deny from all
allow from {youripfromwork}
</limit>

restart apache and I belive that would do it. Let me know.
 
Old 08-10-2006, 02:32 PM   #6
ALInux
Member
 
Registered: Nov 2003
Location: Lebanon
Distribution: RHEL 5/CentOS 5/Debian Lenny/(K)Ubuntu Is Dead/Mandriva 10.1
Posts: 670

Original Poster
Blog Entries: 7

Rep: Reputation: 31
Thx for the info..I will try that and report my feedback
 
Old 08-10-2006, 04:56 PM   #7
ALInux
Member
 
Registered: Nov 2003
Location: Lebanon
Distribution: RHEL 5/CentOS 5/Debian Lenny/(K)Ubuntu Is Dead/Mandriva 10.1
Posts: 670

Original Poster
Blog Entries: 7

Rep: Reputation: 31
Ok guys..thx for you support..
To activate password protection for ntop use the following command in the console:
ntop --set-admin-password=password
After that access ntop through the web interface and go to the ADMIN section, inside that section it is easily possible to set the pages that you want to be password protected and to create users that are able to use those pages. If url / is set as password protected all the pages will be directly password protected.

Thx for the support again
 
Old 08-10-2006, 06:23 PM   #8
isuck@linux
Member
 
Registered: Jun 2006
Distribution: messed up debian
Posts: 250

Rep: Reputation: 30
I thoght you wanted something extra cause I don't know how secure that admin password is, the other way I told you about, you don't need to open a second port, you can re-route your localhost through apache. Take a look at it if you have problems. Good luck.
 
Old 08-11-2006, 09:52 AM   #9
ALInux
Member
 
Registered: Nov 2003
Location: Lebanon
Distribution: RHEL 5/CentOS 5/Debian Lenny/(K)Ubuntu Is Dead/Mandriva 10.1
Posts: 670

Original Poster
Blog Entries: 7

Rep: Reputation: 31
Iam running ntop on ssl so it ought to be secure, however I will try it the other way around..Iam sure I will need to implement it sometime in the future..
 
Old 08-11-2006, 01:16 PM   #10
isuck@linux
Member
 
Registered: Jun 2006
Distribution: messed up debian
Posts: 250

Rep: Reputation: 30
I'll make your life easier since I already when through the pain.

Get your apache's version source.
untar file mod_proxy.c, proxy_http.c, proxy_utils.c
compile them apxs -i -a -c mod_proxy.c mod_util.c
compile apxs -i -a -c proxy_http.c
edit httpd.conf
make sure LoadModules are correctly stated in your httpd.conf

Add these lines (by Luca Deri) in your virtualhost or apache host

<VirtualHost *:443>

############################################################
###### ALL TRAFFIC ON 443 ( HTTPS )
############################################################

# change: address of web admin
ServerAdmin webmaster@localhost
SSLEngine On
# change: where is ssl certificate on your machine?
SSLCertificateFile /etc/apache2/ssl/apache.pem



# change: paths for logs (error and custom)
ErrorLog /var/log/apache2/error.log
# choose one LogLevel value: debug, info, notice, warn, error, crit, alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined


ServerSignature On

### PATCH SUGGESTED BY NESSUS ABOUT TRACE ATTACKS
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]


#### NTOP (PROXY REVERSE) ########

ProxyHTMLLogVerbose On
LogLevel warn
ProxyHTMLExtended On


ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>


ProxyPass /ntop/ http://localhost:3000/
ProxyPassReverse /ntop/ http://localhost:3000/

<Location /ntop/>
SetOutputFilter proxy-html
ProxyHTMLURLMap / /ntop/
ProxyHTMLURLMap /ntop/plugins/ntop/ /ntop/plugins/
RequestHeader unset Accept-Encoding
</Location>


</VirtualHost>

save it, restart it and should be working.

There you go, you have a document when you decide to do it. Thanks to all the guys that helped!

check this websites too:

http://www.ntop.org/UsageNotes.html
http://wiki.ntop.org/mediawiki/index...verse.29_proxy
http://www.apacheweek.com/features/r...roxies#running
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Password protect souvik Programming 3 11-06-2015 02:35 PM
PHP password protect entire web directory newuser455 Programming 1 06-10-2006 02:22 PM
How do I password protect ~/public_html on the web? brynjarh Linux - Security 2 03-29-2006 02:11 PM
Apache 2.0, I want to list dir contents & password protect... Scrag Linux - Software 3 02-10-2005 12:38 PM
How to password protect a web directory abdulber Linux - Software 1 01-28-2004 12:34 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:58 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration