Copying in to this thread something I posted to another. In response to . . .
TonyPh12345 wrote:
Voila! That’s WEBDAV in action! :smileyvery-happy:
If you make any changed within the Web UI the configuration files might be re-written and WebDAV re-enabled. I’ve not checked this out. For sure /etc/nas/apache2/auth/require.inc
is re-created every time a change is done to a user or share. though the Web UI.
What you may be able to so is copy the entry for the Public folder from /etc/nas/apache2/auth/require.inc
into /etc/apache2/sites-enabled/000-Apollo3G
and comment out the line Include /etc/nas/apache2/auth/require.inc
. you 'll need to do the same thing on /etc/apache2/sites-enabled/000-Apollo3G-ssl
The Web UI and associated scripts will still re-write /etc/nas/apache2/auth/require.inc
but because Include /etc/nas/apache2/auth/require.inc
is now # Include /etc/nas/apache2/auth/require.inc
in both /etc/apache2/sites-enabled/000-Apollo3G
and /etc/apache2/sites-enabled/000-Apollo3G-ssl
all the other shares desired as private will be inaccessible to WebDAV. Ine point to remember… WD2GO may also not have access to those shares omitted from WedDAV and I read something about Windows 7 accessing shares through WebDAV and not Samba’s SMB so maybe there may be issues with Windows 7’s ability to access files. I’ve not moved to Windows 7 yet because XP does everything I need it to do (why upgrade/fix when it ain’t broke?) so can’t prove or disprove the latter.
Point of note is to journal all your changes so when there is a desire to apply a official firmware update you can put back the original configuration BEFORE applying a future official firmware update.
So, the “before” would be . . .
############################
# WebDav Extension
############################
Include /etc/nas/apache2/auth/alias.inc
Alias /shares /shares
<Location /shares>
Dav On
Order Deny,Allow
Deny from all
Allow from all
AuthName DeviceUser
AuthType Digest
AuthDigestDomain /shares
AuthDigestProvider file
AuthUserFile /etc/nas/apache2/auth/htpasswd
AuthGroupFile /etc/nas/apache2/auth/htgroup
#AuthzGroupFileAuthoritative Off
</Location>
Include /etc/nas/apache2/auth/require.inc
#############################
… and after the change it should look like …
############################
# WebDav Extension
############################
# Include /etc/nas/apache2/auth/alias.inc
Alias /shares /shares
Alias /Public /shares/Public
<Location /shares>
Dav On
Order Deny,Allow
Deny from all
Allow from all
AuthName DeviceUser
AuthType Digest
AuthDigestDomain /shares
AuthDigestProvider file
AuthUserFile /etc/nas/apache2/auth/htpasswd
AuthGroupFile /etc/nas/apache2/auth/htgroup
#AuthzGroupFileAuthoritative Off
</Location>
# Include /etc/nas/apache2/auth/require.inc
<Directory /shares/Public/>
Dav on
Allow from all
AuthName DeviceUser
AuthType Digest
AuthDigestDomain /shares/ /shares/Public/ /Public/
AuthDigestProvider file
AuthUserFile /etc/nas/apache2/auth/htpasswd
AuthGroupFile /etc/nas/apache2/auth/htgroup
<Limit PROPFIND>
Require valid-user
</Limit>
</Directory>
#############################
Try that. If you’re not using WebDAV then it should plug this security issue and still keep the Public folder accessible to WebDAV, any changed to on the Web UI won’t change the WebDAV configuration and also should not break the Web UI.
Someone remind me the reason why WebDAV exists on the MyBook Live? What is it’s purpose and use?