VeeDub -
Joined: 20 Sep 2007 Posts: 5
|
Posted: Thu Sep 20, 2007 5:33 am Post subject: Configure Web File Browser to use authentication |
|
|
Hi,
Initially I set up Aprelium without the Web File Browser (as per the FAQ).
The permissions worked properly but I could not upload files.
I have now added the Web File Browser which works fine, but an anonymous user has full access to the directory tree, the permissions are being ignored.
I can see on the Web File Browser site that it is possible to configure permissions, but cannot see an example for Aprelium ... is a document available?
Thanks
VW |
|
Back to top |
|
 |
AbyssUnderground -
Joined: 31 Dec 2004 Posts: 3855
|
Posted: Thu Sep 20, 2007 8:23 am Post subject: |
|
|
In access control set the virtual path to the location of the script or folder to protect, then add a username and password in (from users and groups) to protect it. Click OK and restart then try accessing the page again. You should be prompted for a username and password before you can access the script. _________________ Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk |
|
VeeDub -
Joined: 20 Sep 2007 Posts: 5
|
Posted: Thu Sep 20, 2007 11:08 am Post subject: |
|
|
Hi Andy,
Before I implemented the "Web File Browser" script that is how it worked. But now any user has full access to the directory tree.
I have a directory called test and I have placed access control on that directory with Allow/Deny.
An anonymous user can browse that directory.
VW |
|
AbyssUnderground -
Joined: 31 Dec 2004 Posts: 3855
|
Posted: Thu Sep 20, 2007 11:17 am Post subject: |
|
|
You need to Deny/Allow not Allow/Deny. It should then request a user and pass from any anonymous user. _________________ Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk |
|
loloyd -
Joined: 03 Mar 2006 Posts: 435 Location: Philippines
|
Posted: Thu Sep 20, 2007 11:35 am Post subject: |
|
|
VeeDub, if you're talking about the Web File Browser 0.4b14 from http://www.webfilebrowser.org/, you will have to edit the file and search for the setting $authmethod then change it to:
Code: | $authmethod = "session"; |
Next, find the section on
// ---- USERS ----
and define your users accordingly, example:
Code: | $user = array(
"admin" => array(
"password" => "adminpass",
"profile" => "full"
),
"user1" => array(
"password" => "user1pass",
"profile" => "can_read_dir_tree"
),
"user2" => array(
"password" => "user2pass",
"profile" => "cannot_read_dir_tree"
)
);
|
Next, find the section on
// ---- PROFILES ----
and define the profiles accordingly, example:
Code: | $profile = array(
"full" => array(
"allowmove" => true, // Allows file and directory moving
"allowrename" => true, // Allows file and directory renaming
"allowalias" => true, // Allows file aliasing
"allowcopy" => true, // Allows file copying
"allowdelete" => true, // Allows file deletion
"allowremovedir" => true, // Allows directory deletion
"allowcreatefile" => true, // Allows file creation
"allowcreatedir" => true, // Allows directory creation
"allowupload" => true, // Allows file uploads
"allowurlupload" => true, // Allows file uploads from URL
"allowbrowsetrashcan" => true, // Allows browsing of trash can
"allowemptytrashcan" => true, // Allows emptying of trash can
"allowrestorefromtrashcan" => true, // Allows restore files from trash can
"allowdownload" => true, // Allows file download
"allowedit" => true, // Allows file edition
"allowshow" => true, // Allows file viewing (useful only if allowedit is false)
"allowsearch" => true, // Allows searches
"allowregexpsearch" => true // Allows optional use of regular expressions in searches
),
"can_read_dir_tree" => array(
"allowmove" => false, // Allows file and directory moving
"allowrename" => false, // Allows file and directory renaming
"allowalias" => false, // Allows file aliasing
"allowcopy" => false, // Allows file copying
"allowdelete" => false, // Allows file deletion
"allowremovedir" => false, // Allows directory deletion
"allowcreatefile" => false, // Allows file creation
"allowcreatedir" => false, // Allows directory creation
"allowupload" => false, // Allows file uploads
"allowurlupload" => false, // Allows file uploads from URL
"allowbrowsetrashcan" => false, // Allows browsing of trash can
"allowemptytrashcan" => false, // Allows emptying of trash can
"allowrestorefromtrashcan" => false, // Allows restore files from trash can
"allowdownload" => true, // Allows file download
"allowedit" => false, // Allows file edition
"allowshow" => true, // Allows file viewing (useful only if allowedit is false)
"allowsearch" => true, // Allows searches
"allowregexpsearch" => true // Allows optional use of regular expressions in searches
),
"cannot_read_dir_tree" => array(
"allowmove" => false, // Allows file and directory moving
"allowrename" => false, // Allows file and directory renaming
"allowalias" => false, // Allows file aliasing
"allowcopy" => false, // Allows file copying
"allowdelete" => false, // Allows file deletion
"allowremovedir" => false, // Allows directory deletion
"allowcreatefile" => false, // Allows file creation
"allowcreatedir" => false, // Allows directory creation
"allowupload" => false, // Allows file uploads
"allowurlupload" => false, // Allows file uploads from URL
"allowbrowsetrashcan" => false, // Allows browsing of trash can
"allowemptytrashcan" => false, // Allows emptying of trash can
"allowrestorefromtrashcan" => false, // Allows restore files from trash can
"allowdownload" => true, // Allows file download
"allowedit" => false, // Allows file edition
"allowshow" => false, // Allows file viewing (useful only if allowedit is false)
"allowsearch" => false, // Allows searches
"allowregexpsearch" => false // Allows optional use of regular expressions in searches
)
); |
Hmm... it's only after looking through the option set that I discovered that you cannot disable viewing the directory tree for the "cannot_read_dir_tree" profile. However, I hope this gives you an idea on how to attack your problem. _________________
http://home.loloyd.com/ is online if the logo graphic at left is showing. |
|
VeeDub -
Joined: 20 Sep 2007 Posts: 5
|
Posted: Thu Sep 20, 2007 11:55 am Post subject: |
|
|
AbyssUnderground wrote: | You need to Deny/Allow not Allow/Deny. It should then request a user and pass from any anonymous user. |
@Andy,
According to the online help, this is not the case, but I tried it anyway and no change in the behaviour.
VW |
|
AbyssUnderground -
Joined: 31 Dec 2004 Posts: 3855
|
Posted: Thu Sep 20, 2007 11:57 am Post subject: |
|
|
VeeDub wrote: | AbyssUnderground wrote: | You need to Deny/Allow not Allow/Deny. It should then request a user and pass from any anonymous user. |
@Andy,
According to the online help, this is not the case, but I tried it anyway and no change in the behaviour.
VW |
I realise that now I misunderstood what you meant. I now know but I do not have a solution yet. _________________ Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk |
|
aprelium -
Joined: 22 Mar 2002 Posts: 6800
|
Posted: Thu Sep 20, 2007 12:12 pm Post subject: |
|
|
VeeDub wrote: | I have now added the Web File Browser which works fine, but an anonymous user has full access to the directory tree, the permissions are being ignored.
I can see on the Web File Browser site that it is possible to configure permissions, but cannot see an example for Aprelium ... is a document available |
Web file browser can be protected using Abyss Web Server access protection system like Abyssunderground explained.
You can also use its own integrated login/password mechanism as loloyd pointed out. In such a case, Abyss Web Server is not directly involved.
So which mode are you using? _________________ Support Team
Aprelium - http://www.aprelium.com |
|
AbyssUnderground -
Joined: 31 Dec 2004 Posts: 3855
|
Posted: Thu Sep 20, 2007 12:14 pm Post subject: |
|
|
aprelium,
From what I understand he wants to block certain directories in the script itself. _________________ Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk |
|
VeeDub -
Joined: 20 Sep 2007 Posts: 5
|
Posted: Thu Sep 20, 2007 12:56 pm Post subject: |
|
|
aprelium wrote: |
Web file browser can be protected using Abyss Web Server access protection system like Abyssunderground explained.
You can also use its own integrated login/password mechanism as loloyd pointed out. In such a case, Abyss Web Server is not directly involved.
So which mode are you using? |
@aprelium
My preference is to use Abyss if I can. The console is quite easy to use.
At the moment I am using Abyss permissions only, but since I have added the Web File Browser, they are not being enforced.
It sounds like I have not deployed the Web File Browser correctly; is there a document that I can review to see whether I have done something that I should not have?
I have placed webFilebrowser.php in the index files, which means that it is launched when you browse to the site from a Web browser. I am happy with the way that is working, but as I have mentioned, you connect anonymously and you can browse all directories.
Prior to installing webfilebrowser, when I tried to browse a directory with access controls in place (allow/deny) you would be prompted for a username and password. This is no longer happening.
I have not tried loloyd's suggestion yet, as it seems more involved than I had hoped and as loloyd observed it may not offer the control I desire anyway.
To clarify the solution that I seek:
- I would like the ability to upload files as well as download (this is what led me to try the WebFileBrowser)
- I intend having different directories at the root level of the Document's path and each directory will have a different username / password to access that directory.
- The access controls worked fine prior to implementing WebFileBrowser, but there was no ability to upload files.
So if WebFileBrowser can co-exist with Abyss access controls then I have stuffed the setup at some point.
Cheers
VW |
|
loloyd -
Joined: 03 Mar 2006 Posts: 435 Location: Philippines
|
Posted: Fri Sep 21, 2007 3:43 am Post subject: |
|
|
WebFileBrowser's (WFB) authentication mechanisms, being in PHP, are separate from Abyss's authentication, although hooking them together is possible but requires much more complex work. Having said that, you will not be able to achieve your objectives because as WFB is a PHP script, it *can* actually bypass many levels of security settings even beyond the scope of Abyss and only limited by your operating system. PHP can go virtually anywhere in your server's directory structure and its being able to do this is separate from what Abyss can limit it in doing so.
It appears that you want to be able to use WebFileBrowser only for yourself and not let others use it. Is this correct? This can be solved by way of the solution I presented above, and even made stronger if combined with AbyssUnderground's recommendation of controlling the access to your webfilebrowser.php only to you via Abyss authentication. (Actually, either solution works well too even if not combined).
If that was not the scenario you want then maybe you want:
1. Administrator has full access to all the powers of WFB (addressed).
2. Others may use WFB but they cannot upload anything although they can see/read everything that you, as administrator, can see too (addressed also).
3. Limit the directory scope of others as to what they will be able to see in WFB, and still disallow them from uploading anything (partially addressed, AND you have to heavily edit WFB's internal workings regarding the directory scope that will be made available to them).
HTH. _________________
http://home.loloyd.com/ is online if the logo graphic at left is showing. |
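The post above notes that a PHP script reads the filesystem directly, so per-directory limits have to be enforced inside the script itself. The following is an added example, not part of the original thread and not Web File Browser code, of the kind of per-user scope check that point 3 would need; `$userRoots` and `resolve_in_scope()` are hypothetical names and the sample tree is constructed.

```php
<?php
// Added example, not Web File Browser code. $userRoots and
// resolve_in_scope() are hypothetical names; the paths are constructed.

/**
 * Return the absolute path for $requested (relative to the user's root)
 * only if it resolves inside that root; return false otherwise.
 */
function resolve_in_scope(array $userRoots, $user, $requested)
{
    if (!isset($userRoots[$user])) {
        return false;                 // unknown user: deny by default
    }
    $root = realpath($userRoots[$user]);
    if ($root === false) {
        return false;                 // configured root is missing
    }
    // realpath() resolves "..", "." and symlinks, so the prefix test below
    // runs on the location the filesystem would really open.
    $target = realpath($root . DIRECTORY_SEPARATOR . $requested);
    if ($target === false) {
        return false;                 // path does not exist
    }
    // The trailing separator keeps "directory1" from matching "directory10".
    $prefix = $root . DIRECTORY_SEPARATOR;
    if ($target === $root || strncmp($target, $prefix, strlen($prefix)) === 0) {
        return $target;
    }
    return false;
}

// Constructed sample tree under the system temp directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . "wfb_scope_demo_" . getmypid();
mkdir($base . "/directory1", 0700, true);
mkdir($base . "/directory2", 0700, true);
file_put_contents($base . "/directory2/3e5a_faded.jpg", "constructed sample");

$userRoots = array(
    "user1" => $base . "/directory1",
    "user2" => $base . "/directory2",
);

// user2 asks for a file inside its own root: a path is returned.
var_dump(resolve_in_scope($userRoots, "user2", "3e5a_faded.jpg"));
// user1 tries to step sideways into directory2: false is returned.
var_dump(resolve_in_scope($userRoots, "user1", "../directory2/3e5a_faded.jpg"));
```

Every listing, read and write the script performs would have to pass through a check like this; a listing call that skips it still shows the whole tree.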
|
loloyd -
Joined: 03 Mar 2006 Posts: 435 Location: Philippines
|
|
VeeDub -
Joined: 20 Sep 2007 Posts: 5
|
Posted: Sat Sep 22, 2007 1:31 am Post subject: |
|
|
loloyd wrote: | Rebutt. Sorry for double posting but this post has a different scope from my previous one.
I just re-examined WFB's behavior. Let's say you have this on your setup:
This means that less-privileged users will not be able to access 3e5a_faded.jpg from within directory2 if directory2 has been access-controlled in Abyss but they will be able to see that the file exists there. |
@loloyd
Thank you for looking into this.
I must admit that when I could browse the directory tree I assumed that the user had rights to access the files.
As you say, although less-privileged users can see the files that exist, they cannot access them unless they know the username and password. This should be fine for my purposes.
Thanks again!
VW |
|