logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in  RSS Apache Lounge  


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.



Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Apache 2.4 - WebDav - Multi-User - Only PDF
Author
Thorsten2234



Joined: 29 Mar 2019
Posts: 1
Location: Germany

PostPosted: Fri 29 Mar '19 16:58    Post subject: Apache 2.4 - WebDav - Multi-User - Only PDF Reply with quote

Hi,

at the moment I try to restrict users to only upload PDF files (at least files with the ".pdf" extension should be allowed) to their webdav folder.

Apache 2.4 running on Windows Server 2016.
Login to webdav and filetransfer works fine.
If you see any security risks in my config, please tell me Smile

I tried "filemask" and "rewrite engine", but both don't work Sad
Maybe you can help me, to get rid of this problem.

Also I tried to deny creating a new folder. I solved this problem with the windows security permissions.
Is there a better way to restrict webdav users to create subfolder?

Example for filematch and RewriteEngine I tried. (Both added in the <directory>-section)

Code:

<FilesMatch "\.(?i:exe|bat|php|js|com|vbs|pif)$">
   Require all denied
</FilesMatch>   


Code:

      RewriteEngine On
      LogLevel alert rewrite:trace8
      RewriteCond %{THE_REQUEST} ^PUT*/oliver/*.php$ [NC]
      RewriteRule ".php" - [F]


Web-Dav config is loaded by "httpd.conf"
Webdav main config:
Code:

DavLockDB "webdav_storage/lock"

# Load admin config
Include conf/extra/webdav-adminconf/sysadmin.conf

# Load user configs
Include conf/extra/webdav-multiconf/*.conf


#
# The following directives disable redirects on non-GET requests for
# a directory that does not include the trailing slash.
#

BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully




User config as example (without my tests with filematch and rewrite)
Code:

Alias "/oliver" "C:\Apache24\webdav_storage\oliver"


<Location /oliver>
   SetHandler none
   AddType text/plain php php3 php4 php5 php7 php8 pht phptml phps
   ForceType text/plain
   LimitRequestBody 16000000
</Location>

<Directory "/oliver">

    AllowOverride None
   LimitRequestBody 16000000
    ForceType text/plain
   Options -ExecCGI -FollowSymLinks -Includes +Indexes
         
   DAV On
   DAVMinTimeout 600
   AuthType Digest
   AuthName oliver
   AuthDigestDomain "/oliver"
   AuthDigestProvider file
   AuthUserFile "C:\Apache24\conf\extra\webdav-multiconf\oliver.passwd"
   Require user oliver

   <LimitExcept GET PROPFIND POST OPTIONS MKCOL PUT DELETE LOCK UNLOCK COPY MOVE PROPPATCH>
      Require user oliver
   </LimitExcept>   

</Directory>



Kind regards,
Thorsten
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 6684
Location: Germany, Next to Hamburg

PostPosted: Tue 02 Apr '19 15:33    Post subject: Reply with quote

As far as I know there is no way to limit a WebDAV client to a certain mime type to upload.
It might be a solution to use a server side language to upload the files via a html form.
Back to top


Reply to topic   Topic: Apache 2.4 - WebDav - Multi-User - Only PDF View previous topic :: View next topic
Post new topic   Forum Index -> Apache