April 13th, 2010, 09:27 AM
-
Ftp security
Hey all
I have question if you dont mind mee ask.
I have apache, ftp and mysql installed in centos.
when you enter the http : // ip address
Apache gets the user name and password on page , checks with mysql and opens ftp to user
however if I type the http : // ip address/ftp/ I am able to access all data without entering user and password which is kind of an open gate that we do not want.
basically user ftp directory is /var/www/ftp and whoever types my server url and adds /ftp , he is able to see all ftp content. I do not know it is apache or ftp user issue
I think I am missing somethings.
Do you guys have any idea about that?
all suggestions are more than welcome.
thank you in advance
April 13th, 2010, 08:49 PM
-
Originally Posted by malesef
Hey all
I have question if you dont mind mee ask.
I have apache, ftp and mysql installed in centos.
when you enter the http : // ip address
Apache gets the user name and password on page , checks with mysql and opens ftp to user
however if I type the http : // ip address/ftp/ I am able to access all data without entering user and password which is kind of an open gate that we do not want.
basically user ftp directory is /var/www/ftp and whoever types my server url and adds /ftp , he is able to see all ftp content. I do not know it is apache or ftp user issue
I think I am missing somethings.
Do you guys have any idea about that?
all suggestions are more than welcome.
thank you in advance
What exactly is http://ip address/ftp ? How is your FTP server set up? Going to http:// will display a web page (or files). You can deny access to directory listings via Apache if this is what you want.
However, if you meant that you typed ftp://ip address/ftp, then my question would be: When did you try this? If immediately after ftp://ip address, then the user/pass was probably stored on the machine (cookie or whatnot).
"I don't need to get a life. I'm a gamer. I have lots of lives!"
April 14th, 2010, 08:08 AM
-
thank you
You were right
as you said "You can deny access to directory listings via Apache if this is what you want."
httpd.conf
To disable directory listing
Options Indexes FollowSymLinks
I just removed ‘Indexes’ from the line.
I appreciate.
April 14th, 2010, 06:22 PM
-
Originally Posted by malesef
thank you
You were right
as you said "You can deny access to directory listings via Apache if this is what you want."
httpd.conf
To disable directory listing
Options Indexes FollowSymLinks
I just removed ‘Indexes’ from the line.
I appreciate.
Glad you got it sorted... and thanks for posting back what you did.
"I don't need to get a life. I'm a gamer. I have lots of lives!"