logo
Apache Lounge
Webmasters

 


About

Forum Index Downloads Search Register Log in  RSS Apache Lounge
 


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Apache Lounge is not sponsored.

Your donations will help to keep this site alive and well, and continuing building binaries.



Apache 2.4 - WebDav - Multi-User - Only PDF

 
Post new topic   Reply to topic    Apache Forum Index -> Apache



View previous topic :: View next topic  
Author Message
Thorsten2234



Joined: 29 Mar 2019
Posts: 1
Location: Germany

PostPosted: Fri 29 Mar '19 16:58    Post subject: Apache 2.4 - WebDav - Multi-User - Only PDF Reply with quote

Hi,

at the moment I try to restrict users to only upload PDF files (at least files with the ".pdf" extension should be allowed) to their webdav folder.

Apache 2.4 running on Windows Server 2016.
Login to webdav and filetransfer works fine.
If you see any security risks in my config, please tell me Smile

I tried "filemask" and "rewrite engine", but both don't work Sad
Maybe you can help me, to get rid of this problem.

Also I tried to deny creating a new folder. I solved this problem with the windows security permissions.
Is there a better way to restrict webdav users to create subfolder?

Example for filematch and RewriteEngine I tried. (Both added in the <directory>-section)

Code:

<FilesMatch "\.(?i:exe|bat|php|js|com|vbs|pif)$">
   Require all denied
</FilesMatch>   


Code:

      RewriteEngine On
      LogLevel alert rewrite:trace8
      RewriteCond %{THE_REQUEST} ^PUT*/oliver/*.php$ [NC]
      RewriteRule ".php" - [F]


Web-Dav config is loaded by "httpd.conf"
Webdav main config:
Code:

DavLockDB "webdav_storage/lock"

# Load admin config
Include conf/extra/webdav-adminconf/sysadmin.conf

# Load user configs
Include conf/extra/webdav-multiconf/*.conf


#
# The following directives disable redirects on non-GET requests for
# a directory that does not include the trailing slash.
#

BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully




User config as example (without my tests with filematch and rewrite)
Code:

Alias "/oliver" "C:\Apache24\webdav_storage\oliver"


<Location /oliver>
   SetHandler none
   AddType text/plain php php3 php4 php5 php7 php8 pht phptml phps
   ForceType text/plain
   LimitRequestBody 16000000
</Location>

<Directory "/oliver">

    AllowOverride None
   LimitRequestBody 16000000
    ForceType text/plain
   Options -ExecCGI -FollowSymLinks -Includes +Indexes
         
   DAV On
   DAVMinTimeout 600
   AuthType Digest
   AuthName oliver
   AuthDigestDomain "/oliver"
   AuthDigestProvider file
   AuthUserFile "C:\Apache24\conf\extra\webdav-multiconf\oliver.passwd"
   Require user oliver

   <LimitExcept GET PROPFIND POST OPTIONS MKCOL PUT DELETE LOCK UNLOCK COPY MOVE PROPPATCH>
      Require user oliver
   </LimitExcept>   

</Directory>



Kind regards,
Thorsten
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 6552
Location: Germany, Next to Hamburg

PostPosted: Tue 02 Apr '19 15:33    Post subject: Reply with quote

As far as I know there is no way to limit a WebDAV client to a certain mime type to upload.
It might be a solution to use a server side language to upload the files via a html form.
Back to top


Post new topic   Reply to topic    Apache Forum Index -> Apache
Page 1 of 1