Protect unprotected websites with dhis2-tools-ng #19
Comments
|
Hello Kfeina, |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Hello,
If I'm not wrong, some websites like /munin or /project-glowroot are visible to the public internet.
This is not a big security issue but maybe someone could get valuable information about our systems.
To protect those web directories we could do it via htpasswd
For example:
mkdir /etc/apache2/htpasswd
htpasswd -c /etc/apache2/htpasswd/tomcat1-glowroot-htpasswd admin
or (if inside an script): htpasswd -b -c /etc/apache2/htpasswd/tomcat1-glowroot-htpasswd admin testpassword
And inside /etc/apache2/upstream, for each project to protect:
//////////////////////////////////////////////
<Location /tomcat1-glowroot>
#Require all granted
Require user admin
AuthType Basic
AuthName "Protected site"
AuthUserFile /etc/apache2/htpasswd/tomcat1-glowroot-htpasswd
ProxyPass "http://192.168.0.14:4000/tomcat1-glowroot"
ProxyPassReverse "http://192.168.0.14:4000/tomcat1-glowroot"
//////////////////////////////////////////////
For Munin we could do something like:
htpasswd -c /etc/apache2/htpasswd/munin-htpasswd admin
And inside /etc/apache2/upstream
<Location /munin>
# Require all granted
Require user admin
AuthType Basic
AuthName "Protected site"
AuthUserFile /etc/apache2/htpasswd/munin-htpasswd
ProxyPass "http://192.168.0.30/munin"
ProxyPassReverse "http://192.168.0.30/munin"
What do you think ? Does it make sense ?
Regards.
The text was updated successfully, but these errors were encountered: