diff options
| author | Glenn Strauss <gstrauss@gluelogic.com> | 2023-01-03 18:00:18 -0500 |
|---|---|---|
| committer | Glenn Strauss <gstrauss@gluelogic.com> | 2023-01-03 19:12:21 -0500 |
| commit | 1eda50740ea0b976ede22ac7920ca0535fc6b846 (patch) | |
| tree | ffe5a9091ead9bc1050b710cfa96a796fb86d21c /doc | |
| parent | d809433d6d900e899f796606b11bdc6a73413ac5 (diff) | |
| download | lighttpd-git-1eda50740ea0b976ede22ac7920ca0535fc6b846.tar.gz | |
[doc] remove references to removed modules
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/config/conf.d/Makefile.am | 1 | ||||
| -rw-r--r-- | doc/config/conf.d/secdownload.conf | 35 | ||||
| -rw-r--r-- | doc/config/modules.conf | 7 | ||||
| -rw-r--r-- | doc/outdated/Makefile.am | 2 | ||||
| -rw-r--r-- | doc/outdated/configuration.txt | 2 | ||||
| -rw-r--r-- | doc/outdated/secdownload.txt | 147 |
6 files changed, 0 insertions, 194 deletions
diff --git a/doc/config/conf.d/Makefile.am b/doc/config/conf.d/Makefile.am index 7c976afe..a1eb33b9 100644 --- a/doc/config/conf.d/Makefile.am +++ b/doc/config/conf.d/Makefile.am @@ -13,7 +13,6 @@ EXTRA_DIST=access_log.conf \ proxy.conf \ rrdtool.conf \ scgi.conf \ - secdownload.conf \ simple_vhost.conf \ ssi.conf \ status.conf \ diff --git a/doc/config/conf.d/secdownload.conf b/doc/config/conf.d/secdownload.conf deleted file mode 100644 index 7262e62c..00000000 --- a/doc/config/conf.d/secdownload.conf +++ /dev/null @@ -1,35 +0,0 @@ -####################################################################### -## -## Secure Download Module -## ------------------------ -## -## See https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModSecDownload -## -server.modules += ( "mod_secdownload" ) - -## -## Document root for the download area. -## The directory should not be below your normal -## document root! -## -#secdownload.document-root = server_root + "/downloads" - -## -## Secret string that will be used for the checksum calculation. -## -#secdownload.secret = "" - -## -## How long is the secret valid? -## -## Default: 60 seconds -## -#secdownload.timeout = 60 - -## -## Prefix for the download area. -## -#secdownload.uri-prefix = "/download/" - -## -####################################################################### diff --git a/doc/config/modules.conf b/doc/config/modules.conf index f1a3e864..75235b55 100644 --- a/doc/config/modules.conf +++ b/doc/config/modules.conf @@ -30,7 +30,6 @@ ## - mod_scgi -> conf.d/scgi.conf ## - mod_fastcgi -> conf.d/fastcgi.conf ## - mod_proxy -> conf.d/proxy.conf -## - mod_secdownload -> conf.d/secdownload.conf ## - mod_expire -> conf.d/expire.conf ## ## NOTE: The order of modules in server.modules is important. @@ -48,7 +47,6 @@ server.modules = ( # "mod_rewrite", "mod_access", -# "mod_evasive", # "mod_auth", # "mod_authn_file", # "mod_redirect", @@ -105,11 +103,6 @@ server.modules = ( #include conf_dir + "/conf.d/rrdtool.conf" ## -## mod_secdownload -## -#include conf_dir + "/conf.d/secdownload.conf" - -## ####################################################################### ####################################################################### diff --git a/doc/outdated/Makefile.am b/doc/outdated/Makefile.am index 0ee37207..b901f501 100644 --- a/doc/outdated/Makefile.am +++ b/doc/outdated/Makefile.am @@ -12,7 +12,6 @@ plugins.txt \ proxy.txt \ redirect.txt \ rewrite.txt \ -secdownload.txt \ security.txt \ simple-vhost.txt \ skeleton.txt \ @@ -47,7 +46,6 @@ HTMLDOCS=accesslog.html \ proxy.html \ redirect.html \ rewrite.html \ - secdownload.html \ security.html \ simple-vhost.html \ skeleton.html \ diff --git a/doc/outdated/configuration.txt b/doc/outdated/configuration.txt index de7b2be5..c3cf6924 100644 --- a/doc/outdated/configuration.txt +++ b/doc/outdated/configuration.txt @@ -369,13 +369,11 @@ server.modules "mod_simple_vhost", "mod_evhost", "mod_userdir", - "mod_secdownload", "mod_fastcgi", "mod_proxy", "mod_cgi", "mod_ssi", "mod_deflate", - "mod_usertrack", "mod_expire", "mod_rrdtool", "mod_accesslog" ) diff --git a/doc/outdated/secdownload.txt b/doc/outdated/secdownload.txt deleted file mode 100644 index 6b2de072..00000000 --- a/doc/outdated/secdownload.txt +++ /dev/null @@ -1,147 +0,0 @@ -=========================== -Secure and Fast Downloading -=========================== - ------------------------ -Module: mod_secdownload ------------------------ - -:Author: Jan Kneschke -:Date: $Date: 2004/08/01 07:01:29 $ -:Revision: $Revision: 1.1 $ - -:abstract: - authenticated file requests and a countermeasure against - deep-linking can be achieved easily by using mod_secdownload - -.. meta:: - :keywords: lighttpd, secure, fast, downloads - -.. contents:: Table of Contents - -Options -======= - -:: - - secdownload.secret = <string> - secdownload.document-root = <string> - secdownload.uri-prefix = <string> (default: /) - secdownload.timeout = <short> (default: 60 seconds) - -Description -=========== - -there are multiple ways to handle secured download mechanisms: - -1. use the webserver and the internal HTTP authentication -2. use the application to authenticate and send the file - through the application - -Both ways have limitations: - -webserver: - -- ``+`` fast download -- ``+`` no additional system load -- ``-`` inflexible authentication handling - -application: - -- ``+`` integrated into the overall layout -- ``+`` very flexible permission management -- ``-`` the download occupies an application thread/process - -A simple way to combine the two ways could be: - -1. app authenticates user and checks permissions to - download the file. -2. app redirects user to the file accessible by the webserver - for further downloading. -3. the webserver transfers the file to the user. - -As the webserver doesn't know anything about the permissions -used in the app, the resulting URL would be available to every -user who knows the URL. - -mod_secdownload removes this problem by introducing a way to -authenticate a URL for a specified time. The application has -to generate a token and a timestamp which are checked by the -webserver before it allows the file to be downloaded by the -webserver. - -The generated URL has to have the format: - -<uri-prefix><token>/<timestamp-in-hex><rel-path> - -<token> is an MD5 of - -1. a secret string (user supplied) -2. <rel-path> (starts with /) -3. <timestamp-in-hex> - - -As you can see, the token is not bound to the user at all. The -only limiting factor is the timestamp which is used to -invalidate the URL after a given timeout (secdownload.timeout). - -.. Note:: - Be sure to choose a another secret than the one used in the - examples, as this is the only part of the token that is not - known to the user. - - - -If the user tries to fake the URL by choosing a random token, -status 403 'Forbidden' will be sent out. - -If the timeout is reached, status 408 'Request Timeout' will be -sent. (This does not really conform to the standard, but should -do the trick). - -If token and timeout are valid, the <rel-path> is appended to -the configured (secdownload.document-root) and passed to the -normal internal file transfer functionality. This might lead to -status 200 or 404. - -Example -======= - -Application ------------ - -Your application has to generate the correct URLs. The following sample -code for PHP should be easily adaptable to any other language: :: - - <?php - - $secret = "verysecret"; - $uri_prefix = "/dl/"; - - # filename - $f = "/secret-file.txt"; - - # current timestamp - $t = time(); - - $t_hex = sprintf("%08x", $t); - $m = md5($secret.$f.$t_hex); - - # generate link - printf('<a href="%s%s/%s%s">%s</a>', - $uri_prefix, $m, $t_hex, $f, $f); - ?> - -Webserver ---------- - -The server has to be configured in the same way. The URI prefix and -secret have to match: :: - - server.modules = ( ..., "mod_secdownload", ... ) - - secdownload.secret = "verysecret" - secdownload.document-root = "/home/www/servers/download-area/" - secdownload.uri-prefix = "/dl/" - secdownload.timeout = 120 - secdownload.algorithm = "md5" |