Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
Topic: Apache 2.4 - WebDav - Multi-User - Only PDF |
|
Author |
|
Thorsten2234
Joined: 29 Mar 2019 Posts: 1 Location: Germany
|
Posted: Fri 29 Mar '19 16:58 Post subject: Apache 2.4 - WebDav - Multi-User - Only PDF |
|
|
Hi,
at the moment I try to restrict users to only upload PDF files (at least files with the ".pdf" extension should be allowed) to their webdav folder.
Apache 2.4 running on Windows Server 2016.
Login to webdav and filetransfer works fine.
If you see any security risks in my config, please tell me
I tried "filemask" and "rewrite engine", but both don't work
Maybe you can help me, to get rid of this problem.
Also I tried to deny creating a new folder. I solved this problem with the windows security permissions.
Is there a better way to restrict webdav users to create subfolder?
Example for filematch and RewriteEngine I tried. (Both added in the <directory>-section)
Code: |
<FilesMatch "\.(?i:exe|bat|php|js|com|vbs|pif)$">
Require all denied
</FilesMatch>
|
Code: |
RewriteEngine On
LogLevel alert rewrite:trace8
RewriteCond %{THE_REQUEST} ^PUT*/oliver/*.php$ [NC]
RewriteRule ".php" - [F]
|
Web-Dav config is loaded by "httpd.conf"
Webdav main config:
Code: |
DavLockDB "webdav_storage/lock"
# Load admin config
Include conf/extra/webdav-adminconf/sysadmin.conf
# Load user configs
Include conf/extra/webdav-multiconf/*.conf
#
# The following directives disable redirects on non-GET requests for
# a directory that does not include the trailing slash.
#
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
|
User config as example (without my tests with filematch and rewrite)
Code: |
Alias "/oliver" "C:\Apache24\webdav_storage\oliver"
<Location /oliver>
SetHandler none
AddType text/plain php php3 php4 php5 php7 php8 pht phptml phps
ForceType text/plain
LimitRequestBody 16000000
</Location>
<Directory "/oliver">
AllowOverride None
LimitRequestBody 16000000
ForceType text/plain
Options -ExecCGI -FollowSymLinks -Includes +Indexes
DAV On
DAVMinTimeout 600
AuthType Digest
AuthName oliver
AuthDigestDomain "/oliver"
AuthDigestProvider file
AuthUserFile "C:\Apache24\conf\extra\webdav-multiconf\oliver.passwd"
Require user oliver
<LimitExcept GET PROPFIND POST OPTIONS MKCOL PUT DELETE LOCK UNLOCK COPY MOVE PROPPATCH>
Require user oliver
</LimitExcept>
</Directory>
|
Kind regards,
Thorsten |
|
Back to top |
|
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7294 Location: Germany, Next to Hamburg
|
Posted: Tue 02 Apr '19 15:33 Post subject: |
|
|
As far as I know there is no way to limit a WebDAV client to a certain mime type to upload.
It might be a solution to use a server side language to upload the files via a html form. |
|
Back to top |
|
|
|
|
|
|