[Solved] webDAV Directory Permissions - NoAuth/Public READ - Auth WRITE

Added by gogonowski almost 5 years ago

We are using Lighttpd for HLS (HTTP Live Streaming) content delivery.
Works well, as expected.

Is there a way to specify a webDAV Directory, such that it REQUIRES AUTH ONLY for WRITE, but NO AUTH for READ?

We are currently using an additional Alias and two Directories to accomplish this with Lighttpd, but we are hoping there is a better way.
The Lighttpd config seems to REQUIRE READ and WRITE AUTH on webDAV Directories.

Apache 2.4 achieves the desired behavior with:

<Directory /ram/hls>
        DAV On
        AuthType Basic
        AuthName DAV
        AuthUserFile /etc/apache2/.htpasswd
        AuthBasicProvider file
        Header append Allow MKCOL,PUT
        Options +Indexes
        <RequireAny>
                Require method GET POST OPTIONS
                Require user encoder
        </RequireAny>
</Directory>

The <RequireAny> is key here.

Thank you.
/greg.


Replies (5)

RE: webDAV Directory Permissions - NoAuth/Public READ - Auth WRITE - Added by gstrauss almost 5 years ago

Do you have any specific questions about the lighttpd config documentation at Docs_Configuration? Have you read it? Did you overlook $HTTP["request-method"]?

RE: webDAV Directory Permissions - NoAuth/Public READ - Auth WRITE - Added by gogonowski almost 5 years ago

Yes, I did overlook "request-monitor".
Since we have been using the double-alias work-around for quite some time, this config question has been at the back of my mind for quite some time.
I did not realize that "request-monitor" was added to lighttpd as of 1.4.19.
We should be able to make this work as desired now.
This will allow our StreamS HLSdirect live streaming encoders to use the exact same config as Apache using DAV.
No RTMP ingest is required, or desired.
/g.

[Solved] RE: webDAV Directory Permissions - NoAuth/Public READ - Auth WRITE - Added by gstrauss almost 5 years ago

> I did not realize that "request-monitor" was added to lighttpd as of 1.4.19.

$HTTP["request-method"] (not "request-monitor")

lighttpd 1.4.19 was released 13 Mar 2008. That's over 11 years ago. You must be using an even older version (!!!)
There have been 34 (!) releases of lighttpd since 1.4.19. Yes, lighttpd has been improved since then, bugs have been fixed, features added, and documentation updated.

RE: [Solved] webDAV Directory Permissions - NoAuth/Public READ - Auth WRITE - Added by gogonowski almost 5 years ago

We've certainly been using current versions of lighttpd. I didn't think to check the updated documentation. My bad.

Now, after all this, I thought this through carefully, and I think the double-alias is ultimately a better solution security-wise, as the public facing URL for streaming players does not show writable OPTIONS. So it is a good first line of defense against "idle minds," as the encoder ingest URL is not directly exposed.

Thank you for reminding me about the updated docs.

/g.

RE: [Solved] webDAV Directory Permissions - NoAuth/Public READ - Auth WRITE - Added by gstrauss almost 5 years ago

> Now, after all this, I thought this through carefully, and I think the double-alias is ultimately a better solution security-wise, as the public facing URL for streaming players does not show writable OPTIONS.

gogonowski: I am not sure what you consider "security" to entail, but I encourage you to test things before posting, specifically, under what conditions you set webdav.activate = "enable"
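
Added example (not posted by either participant, and not taken from the lighttpd documentation): one way the $HTTP["request-method"] condition named above can express the Apache <RequireAny> policy from the first post. The /hls URL prefix, the htpasswd path and the inclusion of HEAD are assumptions; the realm "DAV" and the user "encoder" come from the Apache listing.

```lighttpd
# Hypothetical lighttpd.conf fragment (added example).
# Assumed: URL prefix /hls, the htpasswd file path, HEAD in the public set.
# Load the modules only if they are not already listed elsewhere.
server.modules += ( "mod_auth", "mod_authn_file", "mod_webdav" )

$HTTP["url"] =~ "^/hls($|/)" {
    webdav.activate    = "enable"
    webdav.is-readonly = "disable"

    # Read-type methods pass through unauthenticated, mirroring the
    # "Require method GET POST OPTIONS" line in the Apache listing.
    # Every other method (PUT, MKCOL, DELETE, MOVE, ...) must authenticate.
    $HTTP["request-method"] !~ "^(GET|HEAD|POST|OPTIONS)$" {
        auth.backend = "htpasswd"
        auth.backend.htpasswd.userfile = "/etc/lighttpd/htpasswd.dav"
        auth.require = ( "" => ( "method"  => "basic",
                                 "realm"   => "DAV",
                                 "require" => "user=encoder" ) )
    }
}
```

The negated match makes the policy fail closed: a method missing from the list is challenged for credentials instead of being allowed through. After reloading, an unauthenticated GET should succeed and an unauthenticated PUT should return 401.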
