Re: [users@httpd] Recommended best practices or guides

On 29.09.20 16:33, Niranjan Rao wrote: > Greeting, [...] > Are there any recommended best practices or guides to allow these kinds of > granular permissions? My searches so far has revealed commands using sudo. > > > Regards, > > > Niranjan Unfortunately sudo supports no regular expressions.

Re: [users@httpd] Apache and nextcloud - insecure ?

Hi Bernd, very short answer to 1.: Yes, you want to write data there. Hence you need rite privileges. Make sure, privileges of www-data are restricted to that directory, you will be fine. Off topic about 2.: Consider using ownCloud, because it has .deb repo, you can get updates if you want to.

Re: [users@httpd] Failure to start apache2 after SSL cert update.

through 'openssl md5' to get the modulus md5 sum. Martin -- Martin Drescher Manfred-von-Richthofen-Strasse 223 12101 Berlin VoIP: +49 30.609 88 293 Email: USt-IdNr. DE211832267 GnuPG Key Fingerprint, KeyID '4FBE451A': '2237 1E95 8E50 E825 9FE8 AEE1 6FF4 1E3

Re: [users@httpd] Is it possible to have in Apache 2.4 VirtualHosts, each with its own SSLProtocol ?

Marian, as far as I understand (educated guess!), the 'server_name' is sent during TLS handshake, but after server & client have agreed to a TLS version. Hence, I would expect, that a client which prefers TLS 1.2 will never see 'second.server.on.my.domain'. Which may exactly be what you want. H

[users@httpd] Issue with 'Require expr' and pattern indents

Hi list, I'm not sure if this may be a bug or a lack of understanding on my side. I do access control for various 's like this: ---8<--- Require expr %{HTTP:X-SSL-Client} in { \ '/DC=com/CN=Fool me not', \ '/C=DE/O=MyCompany/CN=Some Dude' \ } Require expr

[users@httpd] Solved: [users@httpd] Setting REMOTE_USER to %{SSL:HTTP_SSL_CLIENT_S_DN_CN}

using mod_rewite: [...] RewriteEngine On RewriteCond %{HTTP:X-Forwarded-SSL_CLIENT_S_DN_CN} (.*) RewriteRule ^.*$ - [E=REMOTE_USER:%1] [...] Caution: The backend server trusts the reverse proxy requests fully! Sanitize your headers carefully there. Martin - -- Martin Drescher GnuP

Re: [users@httpd] Setting REMOTE_USER to %{SSL:HTTP_SSL_CLIENT_S_DN_CN}

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 05/11/12 14:35, Mark Montague wrote: > On November 5, 2012 6:32 , Martin Drescher > wrote: >> I would like to set the REMOTE_USER environment to the value of >> %{HTTP_SSL_CLIENT_S_DN_CN}. After reading the fine manual e few

[users@httpd] Setting REMOTE_USER to %{SSL:HTTP_SSL_CLIENT_S_DN_CN}

} (.+) RewriteRule ^.*$ - [E=REMOTE_USER:$1] Tried some variations, but it does not :-( Could someone help me out with this? Thanks, Martin - -- Martin Drescher GnuPG Key Fingerprint, KeyID '4FBE451A': '2237 1E95 8E50 E825 9FE8 AEE1 6FF4 1E34 4FBE 451A' -BEGIN PGP SIGNATURE