Hi Everyone,
I’m posting here because i want to know how you secure your webdav installation for grafana because i don’t know if my installation is secure enough or not.
So currently, i’m using alerts on mails and on slack channel. So my trouble was “how can i let webdav vhost secure without blocking slack request”. I guess the easiest solution was an allow from the slack subnet, but since they don’t have a static pool IP address, it’s not possible.
So i end up with this config, what do you think about it ?
Configuration apache
################
ImgHosting
################
<VirtualHost *:80>
ServerName pictures.domain.tld
DocumentRoot /home/webDAV
SetEnvIf X-Forwarded-Proto https HTTPS on
Alias /webdav /home/webDAV
<Directory /home/webDAV>
DAV On
AuthType Basic
AuthName "webdav"
AuthUserFile /etc/apache2/users.password
< limit POST PUT DELETE CONNECT OPTIONS PATCH PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
require valid-user
< /limit>
LogLevel warn
ErrorLog /var/log/apache2/error_pictures.domain.tld.log
CustomLog /var/log/apache2/access_pictures.domain.tld.log combined
Configuration grafana
[external_image_storage.webdav]
url = ##new user can post only 2 http links so…
public_url = ##new user can post only 2 http links so…
username = username
password = password
I think i block all the unwanted type of request since i get my list from apache manual here : https://httpd.apache.org/docs/2.4/fr/mod/core.html#limit
Thanks for advices
P.S: I hope i post this in the good section
Edit: I added a space between < and “limit” because it doesn’t appear if i don’t push this, probably due to a specific forum command