Hi,
I want to use lighttpd on an embedded MIPS router running DebianWRT
using lighttpd 1.4.13-4etch4. I want to use it for http(s) and webdav(s)
with authentication for the subdirs "download" and "upload".
I want to be able to give users access to download xor upload or to
both. Using https, this works using htdigest and different realms for
the upload and download dirs. This does not suffice, as I realized. User
foo has realm "download area". If foo tries to access "upload area", the
authentication fails; access to "download area" is granted as expected.
BUT: If foo tries to open "upload area" again after accessing "download
area", the access gets granted, which is not what I would expect.
In short: If the user gets authenticated for any realm, he can access all
others too.
How can I implement a behavior so that a user only gets access to the
directory/realm that I want him to have access to?
Thanks,
Michael
=== 10-webdav.conf ===
$HTTP["url"] =~ "^/download($|/)" {
    webdav.activate = "enable"
    webdav.is-readonly = "enable"
}
$HTTP["url"] =~ "^/upload($|/)" {
    webdav.activate = "enable"
    webdav.is-readonly = "disable"
}
=== 20-auth.conf ===
server.modules += ( "mod_auth" )
auth.backend = "htdigest"
auth.backend.htdigest.userfile = "/etc/lighttpd/auth/htdigest.user"
auth.require = (
    "/upload" =>
    (
        "method" => "digest",
        "realm" => "upload area",
        "require" => "valid-user"
    ),
    "/download" =>
    (
        "method" => "digest",
        "realm" => "download area",
        "require" => "valid-user"
    )
)
on 15.05.2008 19:29

