Preventing http access without breaking anything

Asnyder
Contributor III

I currently use Apache to host a file server as a distribution point. I followed the guide when setting it up initially and have everything symlinked from my Samba share. A couple of students have found the file server via URL and I'm having problems with them downloading packages, and now I'm worried about security. Is there a way I can add authentication to the Apache directory without breaking HTTP downloads?

1 ACCEPTED SOLUTION

crbeck
Contributor

Yes, you can absolutely secure it with a username and password and it will still function over HTTP. I'm not as familiar with Apache, as I used Nginx for my file server (although I used the apache2-utils package to generate the password), but I would bet this guide Digital Ocean published would be useful.

When you add your file share to Jamf, you can configure the HTTP/HTTPS tab to use Username and Password for Authentication Type, and then provide the username and password so your Jamf enrolled devices can still access the HTTP file server.

Keep in mind that if you aren't using SSL, your username and password will be transmitted in plain text over your network, so some clever students could sniff that out. It's enough of a hassle to keep most out, though.

2 REPLIES 2

Asnyder
Contributor III

I would use SSL, but when I initially set up the server I didn't set it up properly with /var/www/mydomain.com/html, so I don't think certbot will work. I might just go ahead and change it now since it's getting close to the end of the year and a lot of installs aren't really necessary right now. Thanks for the link! Right now I just turned off access to everyone.
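
For reference, the setup the accepted solution describes (HTTP Basic authentication on the distribution point directory) looks roughly like this in Apache 2.4; this is an added example, not configuration posted by anyone in the thread. The directory path, password file location, realm and account name are placeholders to adapt.

```apache
# Added example. All paths and names below are placeholders.
#
# Create the password file OUTSIDE the web root with htpasswd
# (shipped in apache2-utils); -B selects bcrypt, -c creates the file:
#   htpasswd -B -c /etc/apache2/dp.htpasswd jamf-readonly
# Use a dedicated read-only account here, never an admin or AD password,
# because over plain HTTP it crosses the network base64-encoded, not encrypted.

<Directory "/var/www/html/DistributionPoint">
    # Packages are symlinked from the Samba share, so symlinks must be followed.
    # Indexes is switched off so the directory cannot be browsed as a listing.
    Options +FollowSymLinks -Indexes

    # Do not let a stray .htaccess inside the share override these rules.
    AllowOverride None

    # HTTP Basic authentication backed by the htpasswd file.
    AuthType Basic
    AuthName "Distribution Point"
    AuthBasicProvider file
    AuthUserFile "/etc/apache2/dp.htpasswd"

    # Any authenticated user in the file may download; everyone else gets 401.
    Require valid-user

    # Once TLS is configured on this virtual host, uncomment the next line
    # (mod_ssl) so the credentials are refused over plain HTTP:
    # SSLRequireSSL
</Directory>
```

Check the syntax with `apachectl configtest` before reloading, then enter the same username and password under Authentication Type in the Jamf HTTP/HTTPS tab as described in the accepted solution.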