Re: I *think* I found the apache2 docs, but it's in .html and Icannotgetfirefox to access it using "file:"+ /path/to/filedir

[gene heskett <gheskett@shentel.net>]

On 6/22/22 16:51, Gareth Evans wrote:
> On Wed 22 Jun 2022, at 21:16, gene heskett <gheskett@shentel.net> wrote:
> > On 6/22/22 10:45, Gareth Evans wrote:
> > [and I sniped a few kilobytes of.]
> >
> > I think I've got it, but I did find what may be a bug in mod auth_plain.
> >
> > Its asking for a username and pw, but nothing seems to satisfy it
> I didn't see you had replied before sending my previous message, please ignore.
>
> Can't find anything about mod_auth_plain but if you mean mod_auth_basic this requires usernames/passwords to be set up, not looking at /etc/passwd
>
> https://www.howtogeek.com/devops/how-to-setup-basic-http-authentication-on-apache/
>
> This also has a link to setting up LetsEncrypt.
>
> > , so
> > I disabled it, no man page hat I can find, and now its showing me
> > the directory I want as the root of this server, with one subdir
> > I can click on, and the first file I put there.
> >
> > However I need to compose an explanatory README to go with it as
> > I had to invent my own method of installing it on a u-booting rpi.  Its a
> > preempt-rt kernel needed to run the armhf version of linuxcnc from
> > the buildbot. I run the bleeding edge development version on all 4
> > of my machines I've built or rebuilt. I play the part of the caged
> > canary in the coal mine, checking for showstoppers as development
> > is ongoing and has been since the net arrived. Its a NIST project, re-
> > done in gpl and was once on the no export list. See at linuxcnc.org.
> >
> > So the plain text version is working and you should be able to see it at
> > <http:6309/geneslinuxbox.net> (or something like that)
> Yes.
Good, so I'll quit tinkering for today.
> > That file in the armhf subdir is just under 30 megabytes, so if paying
> > for the bandwidth, don't click on it.
> >
> > Making progress, I think, Thanks Gareth.
> >
> > However, if there is a way to implement a OTP so I can keep track of the
> > users,
> > I could use some help with that as long as I don't setup a universal pw
> > the bots
> > can use. What I'd like is a true OTP with a 2 week lifetime.  Can that
> > be done?
> I see there are various offerings (web search for "apache otp") but there doesn't seem to be an official offering.
>
> I would imagine just using a password would keep the bots away.  Are they that determined?

Some are, bing and mj12 seem to be the untrainable offenders. mj12 moves 
theirs around
in their huge address space about weekly so they got the /16 treatment 
several times.

 bing moves heirs about monthly. By the time those two seacrate drives 
puked, my iptables
rules were about 200 lines deep.

I think its called netfilter now, so I expect I better find out how to 
use it.

In the meantime,  a man page for robots.txt would be nice  but I expect
DDG can find that..
> Best wishes,
> Gareth
Take care and stay well.

Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis