Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Access control needs Apache httpd #76

Open
rohieb opened this issue Aug 27, 2017 · 5 comments

Comments

@rohieb
Copy link

commented Aug 27, 2017

As I understand, the access control option only writes .htaccess and .htdigest files, which should be interpreted by the web server. However, when using e.g. nginx, these files simply get ignored. Is there a good solution how to implement access control without Apache?

@LeSpocky

This comment has been minimized.

Copy link

commented Sep 20, 2017

The auth module of lighttpd supports those files. And as far as I can tell by https://www.nginx.com/resources/wiki/modules/auth_digest/ nginx also supports http digest auth (which should be preferred over basic auth) and also with those files.

@rohieb

This comment has been minimized.

Copy link
Author

commented Sep 20, 2017

Ah, thank you for the hint!

@josch

This comment has been minimized.

Copy link
Contributor

commented Dec 19, 2017

@rohieb Did you get dudle to work with nginx? Could you post your config?

@rohieb

This comment has been minimized.

Copy link
Author

commented Dec 19, 2017

@rohieb

This comment has been minimized.

Copy link
Author

commented Oct 3, 2018

Hm. I've looked at the 3rd party nginx module, but it currently seems to be in a rather bad shape:

general (in)security
- OOM conditions in the shm segment are not handled at all well at the moment leading to an
  easy DOS attack (presuming the shm size is set low enough to be exhaustible within the timeout
  + expire interval). Valid nonces are added to the shm and expired seconds or minutes later. 
  Once the shm is full no new nonces can be remembered and all auth attempts will fail until
enough space has been claimed through expiration.

I don't htink I want to install it on my server.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.