An issue with IP/~users bandwidth
hostpc.com
10-23-2003, 12:20 PM
For the author - John?
*Note: please recognize that I am using domain1.net as an example because he is one of my friends... I am not 'illegally' using his bandwidth*
If I go to www.domain1.net/webmail I can log in to my email account on domain2.net domain. BUT this webmail bandwidth will be charged to domain1.net.
Another thing... If I do www9.hostpc.com/webmail, there is no bandwidth charge to me, only to www9.hostpc.com... so that is a free way to check webmail...
Minor, right?
Not this way though... Say I host a 20 meg video of a wedding or whatever... I don't want to host on my account because I might go over (ok, I have 8 gig bandwidth, so I wouldn't, but bear with me). If I do link to www9.mywebserver.com/~domain2/directory/video.avi I can stream to everyone I know apparently unnoticed and un-bandwidthed... This results from DirectAdmin not knowing who to charge for the bandwidth...
This bandwidth to www9 is speculation on my part, as I cannot see apache logs for that domain...
However, even worse is me trying to dick over domain1 (or anyone else on the domain).
If I do http://www.domain1.net/~user2/directory/video.avi I am not streaming my video THROUGH domain.net and the BANDWIDTH is charged to his account... of course in the logs it is easy to see that I am doing that, BUT it causes a good deal of confusion...
If DirectAdmin doesn't log bandwidth by directory (which I don't believe it does, it does by resolution and serving) then the www9.mywebserver.com/~user is a relatively nice hole to eat up free bandwidth...
Do note I have been trying this, so you will see a bunch of ~user calls in the www9 apache logs, but I am not hosting any files that are larger than a few k... I was using it only for testing my theory... and am not trying to steal your bandwidth... I have plenty that goes unused every month... Just want to notify you guys because it would help to keep my domain from being outserved by another customer...
I believe that you can stop this ~user access hole by uncommenting the "Userdir public_html" line in the httpd.conf file. It is something like that, I don't EXACTLY remember since I am not at a computer that I can test that on...
This would fix the ~user hole. The /webmail hole though for www9.hostpc.com I am not so sure about... Since www9 is not hosting a webpage, I THINK you could add a /webmail redirect under the public html to redirect to a page that says "blahblhja blah use your own f-ing domain"
Any thoughts?? This seems pretty "critical" ... any suggestions on patching this "hole" would be appreciated, every MB costs me money in bandwidth.
Thanks for your input.
Joe
jdwright
10-23-2003, 06:08 PM
I noticed this today. I set up an account for a friend that needed to host something and told him to use http://xx.xx.xx.xx/~user. No bandwidth usage for him yet and 70 some hits to a movie. While it's no big deal for me, I can see it being a big problem.
DirectAdmin Support
10-23-2003, 10:51 PM
Hello,
You can just disable the ~username feature in apache. Just comment out the following lines:
<IfModule mod_userdir.c>
UserDir public_html
</IfModule>
There isn't a whole lot that can be done (that I know of) to charge bandwidth to a user from ~user. (If someone knows, let me know! :))
John
hostpc.com
10-24-2003, 05:33 AM
"Using the syntax shown in the UserDir documentation, you can restrict what users are permitted to use this functionality:
UserDir enabled
UserDir disabled root jro fish
The configuration above will enable the feature for all users except for those listed in the disabled statement. You can, likewise, disable the feature for all but a few users by using a configuration like the following:
UserDir disabled
UserDir enabled rbowen krietz
"
You would want to make the UserDir disabled so that no one can use that ~user technique...
this is from http://httpd.apache.org/docs-2.0/howto/public_html.html
I now realize this is an issue in a "few" different cp's - nothing limited to just DA.... but I'd still like to find a complete solution, if one exists. This was posted by my user as an option -
Thanks John for your addressing this issue, if there's anything else that can be done, please let us know.
Joe
xcensus
10-29-2003, 10:16 AM
Hows about a time delay feature of say 48 hrs, you create a new account and they get 48hrs of http://ip/~accountname to use that feature before it gets automatically removed.
S2S-Robert
11-02-2003, 08:08 AM
Yeah, automatic removal would be great.
l0rdphi1
11-02-2003, 10:57 AM
Yeah, that's a good idea.
Make sure we can enable/disable it on per-user basis then (sometimes it takes longer than 48) :)
FarCry
11-02-2003, 11:01 AM
maybe you could add another button to the bottom of the user list page?
Perhaps something like this could be added to run at some interval to update the user's usage. Something like this could also be used to rotate the access and/or error logs. From what I see you count the bytes transferred in the /var/log/httpd/domains/xxxx.bytes file and use that. This would just update that file based on the domainowner. This may not be complete, but it might be a good start.
#!/usr/bin/perl
use strict;
use warnings;

my $accesslog = "/var/log/httpd/access_log";
my $domainown = "/etc/virtual/domainowners";
my $domainloc = "/var/log/httpd/domains";
my $apachectl = "apachectl"; # not set in the original post; assumed to be on the PATH
my %domains   = ();

rotatelog();

# find out who owns what domain
open(INFILE, "<", $domainown) || die "Could not open $domainown error $!\n";
while (<INFILE>) {
    chomp;
    my ($domain, $owner) = split /:/;
    next if (!defined($owner));      # skip lines without a "domain: owner" pair
    $domain =~ s/^\s*(.*?)\s*$/$1/;
    $owner  =~ s/^\s*(.*?)\s*$/$1/;
    $domains{$owner} = $domain;      # an owner with several domains keeps the last one listed
}
close(INFILE);

# open up the rotated access log file and start finding tilde access
$accesslog .= ".1";
open(INFILE, "<", $accesslog) || die "Could not open $accesslog error $!\n";
while (<INFILE>) {
    chomp;
    my $line = $_;
    $line =~ s/.*] "//;
    my ($req, $retbytes, $page, $misc, $browser) = split /"/, $line;
    next if (!defined($retbytes));   # not in the expected log format
    if ($req =~ /~/) {
        # reduce the request line to the bare user name after the tilde
        $req =~ s/.*~//;
        $req =~ s/\/.*//;
        $req =~ s/\s.*//;
        next if (!length($req));
        $retbytes =~ s/^\s*(.*?)\s*$/$1/;
        my ($retcode, $bytes) = split / /, $retbytes;
        my $domain = $domains{$req};
        if (!defined($domain) || !length($domain)) {
            $domain = "misc";        # no such owner: collect under "misc"
        }
        open(USERLOG, ">>", "$domainloc/$domain") || die "Could not open $domainloc/$domain for appending error $!\n";
        print USERLOG $_ . "\n";
        close(USERLOG);
        next if (!defined($bytes) || $bytes !~ /^\d+$/); # "-" means no body bytes were sent
        open(USERBYTE, ">>", "$domainloc/$domain.bytes") || die "Could not open $domainloc/$domain.bytes for appending error $!\n";
        print USERBYTE $bytes . "\n";
        close(USERBYTE);
    }
}
close(INFILE);

sub rotatelog {
    # find the first unused number, then shift the rotated logs up by one,
    # oldest first, so that no existing file is overwritten
    my $i = 1;
    $i++ while (-f "$accesslog.$i");
    for (my $n = $i - 1; $n >= 1; $n--) {
        rename "$accesslog.$n", "$accesslog." . ($n + 1);
    }
    rename $accesslog, "$accesslog.1";
    my @args = ($apachectl, "graceful");
    system(@args) == 0 || print "Error restarting apache\n";
    sleep 60; # allow current requests to log
}
l0rdphi1
11-13-2003, 02:03 PM
If that works properly, I say get it in ASAP! :)
S2S-Robert
11-28-2003, 06:23 AM
Is there any word on this disabling feature or this adding up bandwidth part?
I'd really like to see the latter part which just parses it for actual usage. Then there's no need for disabling this feature...
DirectAdmin Support
11-28-2003, 01:10 PM
At the moment, that might work well.. *but* you'd have to run it on each and every log.. because there is no reason a user can't go "www.someonesdomain.com/~otheruser" unless we add a new
UserDir /home/username/domains/domain.com/users
Which would disable OTHER system accounts from being accessed from ~user.. AND would enable a new feature :)
Then we could have the *real* ~username only work on the IP (1.2.3.4/~username), which would be logged in the main access_log, which could be parsed for cheaters.
John
S2S-Robert
11-28-2003, 04:20 PM
So we can expect this to be incorporated somewhere in the coming releases then ;)
l0rdphi1
11-29-2003, 07:33 AM
:D
FarCry
11-29-2003, 09:03 AM
cant you parse the logs nightly and search for a url request starting with "/~" and then find a user by that name, and give the usage to their main domain? (and take it off the user who is getting abused)
DirectAdmin Support
11-29-2003, 09:06 AM
Yes, that's the idea. It would just take a fair amount of cpu, but right now it's just a matter of getting to it.
John
FarCry
11-29-2003, 09:12 AM
Yeh, i know how much cpu it would use (and for an extended time).
Just remember to store the last line number parsed so you can jump to it without burning cpu on useless logs...
Another idea, is it possible to get apache to create a single log file for all domains along with every other domain? then you would have just one file to parse every night which you delete after using.
DirectAdmin Support
11-29-2003, 09:30 AM
I think the best way would be to disable ~user on domain.com/~user and only allow it on 1.2.3.4/~user, so that it would decrease the number and size of logs that would need to be parsed (would only need to parse the main access_log). All ~user for domains would go to somewhere/nowhere in the user's home directory, so it couldn't be abused. It would also guarantee that they wouldn't be billed for someone else's abuse.
John
FarCry
11-29-2003, 09:35 AM
that would be the ideal way to do it, but I don't think DA allows that do they?
DirectAdmin Support
11-30-2003, 12:16 AM
I am DA :D
John
FarCry
11-30-2003, 02:17 PM
:D oops...
S2S-Robert
01-05-2004, 10:53 AM
Any information about this? It's a good idea to parse 1 file and add that to the bandwidth and disk usage. I'm still noticing users using ~username on my server.
thanks
Robert
ProWebUK
01-05-2004, 12:30 PM
A solution I thought up a while back involves making things neater allowing a simple solution to this problem.
Instead of:
http://host.name.com/~username/
why not have
username.host.name.com ?
A subdomain looks neater like that and would allow a much easier solution for directadmin to put the bandwidth on an account.. since it's set up as a vhost :)
Chris
DirectAdmin Support
01-05-2004, 12:35 PM
ooo.. nifty :) Just have to add "* A 1.2.3.4" to the dns record for the hostname, but then you'd be good to go.
John
S2S-Robert
01-05-2004, 04:08 PM
And then what? The bandwidth would still be charged against host.name.com and that's exactly what we're trying to avoid.
The idea of strictly using the server's ip / hostname and then parsing that log file to check for the username would still be best imho. This way the user can fully take advantage of having the server's ip/hostname ~ feature (or the vhost, whichever you prefer) but no matter what it would be charged against his bandwidth. I couldn't care less if he was doing it that way or using his own domain, whereas now I do care since I keep on noticing users which prefer to have big image files loaded via ~ and therefore reducing bandwidth.
btw, you'd not only have to add that A record, you'd have to create the vhost in the user's httpd.conf as well right?
ProWebUK
01-05-2004, 04:19 PM
Originally posted by S2S-Robert
And then what? The bandwidth would still be charged against host.name.com and that's exactly what we're trying to avoid.
Read my message again.
Putting it as a subdomain allows it to be done as a vhost, and therefore bandwidth tracking can be done 100% externally to any other account.
It would basically act as a full account although not be shown in the panel, have anything to do with the panel or be shown separately in the panel. The quotas for the 'domain' (the subdomain) With DA hard coded modifications basically allows DirectAdmin to add domain1.com and subdomain.com quotas together and display that as a total for domain.com
It's a simple solution that fixes the whole problem and looks better than the current preview system in my opinion.
Chris
S2S-Robert
01-05-2004, 04:21 PM
ah ok, so this would mean disabling of the ~, just parsing all the available log files for the subdomain.host.name.com vhosts and then adding the found bandwidth to the account which is similar to the parsed vhost.
Neat :D
UltimeWWW
01-05-2004, 05:43 PM
How about creating a default index.php file in the ~/ subdirectory redirecting to the subdomain?
This way customers won't be looking for it :)
ProWebUK
01-06-2004, 12:55 AM
Originally posted by UltimeWWW
How about creating a default index.php file in the ~/ subdirectory redirecting to the subdomain?
This way customers won't be looking for it :)
The easiest way without using bandwidth - or minimal bandwidth would be a redirect line in the main domain's httpd.conf which would do this...... then you save space bandwidth and it will increase the redirect speed to instant (or very very close) :)
Chris
S2S-Robert
02-02-2004, 08:32 AM
Any news on this one John / Mark?
DirectAdmin Support
02-02-2004, 10:28 AM
Sorry, haven't touched that one. If you need it badly, you could just set up a script to do it with the /usr/local/directadmin/scripts/custom/domain_create_post.sh script, where it creates a virtualhost for you as a subdomain on your own domain.. ie: http://newdomain.com.yourdomain.com and set the Document root to their domain (/home/user/domains/domain.com/public_html), and also set the "bytes" log to /var/log/httpd/domains/domain.com.bytes so that they get the bill. Then just disable user_dir (~username).
John
ProWebUK
02-02-2004, 10:43 AM
I'm in the middle of an easy directadmin (redhat) system config / setup / installer script for basically everything! Will consider including that :)
Chris
ClayRabbit
02-29-2004, 05:46 AM
Why we need to add VirtualHost ?
I think it's simpler just to add " |DOMAIN|.host.name.com" to the ServerAlias line in custom virtual_host.conf, so it will look like
ServerAlias www.|DOMAIN| |DOMAIN| |DOMAIN|.host.name.com
So, for any newly created domain we'll have a subdomain that already resolves to the server IP (cos we added *.host.name.com pointed to server's shared IP in DNS) and it's ready to use!
Am I right? :)
But I don't like that "subdomain solution" anyway. I prefer to enable UserDir only on main server's IP and parse main access.log file once a week.
DirectAdmin Support
02-29-2004, 12:37 PM
Hello,
All I'd need to do is add the hostname into a token as |HOSTNAME| and we could throw that token into the templates ..
The only question, is how to add the subdomain in a nice and generic fashion. Yes, * will work if they're all on the same IP, but what happens when the IP is shared on another IP.. or owned (Actually for owned, they just go to the IP).
Anyway, I'll add the HOSTNAME token anyway, (won't touch the templates) .. no decision yet, but that is a good idea :)
John
S2S-Robert
02-29-2004, 12:42 PM
I would really love to see this feature implemented since I keep having users who use ~ to either deliberately bypass bandwidth or just don't know it.
DirectAdmin Support
02-29-2004, 12:52 PM
Hello,
Well, how bout I throw out a solution and you guys can chew on it for a while before anything is actually done:
1) implement the "subfulldomain" hosting ;) (domain.com.hostnam.com)
2) disable userdir on user domains
3) ? leave ~username on the server IP and parse the logs?
So.. all of 1,2 and 3 would be implemented. Now for 3).. we could almost get rid of ~username completely, as long as we could rely on the "subfulldomain" thing working.. (is that a reasonable definition for it? ;))
John
l0rdphi1
02-29-2004, 01:30 PM
I actually like the way hostname/~user looks. Don't know. I guess the thing for me is to disable ~user everywhere except for on my hostname and then parse its log.
sander815
06-17-2004, 06:26 AM
Originally posted by DirectAdmin Support
Hello,
You can just disable the ~username feature in apache. Just comment out the following lines:
<IfModule mod_userdir.c>
UserDir public_html
</IfModule>
There isn't a whole lot that can be done (that I know of) to charge bandwidth to a user from ~user. (If someone knows, let me know! :))
John
i just did this:
AddHandler cgi-script .cgi .pl
#<IfModule mod_userdir.c>
# UserDir public_html
#</IfModule>
restarted apache, but i can still access ip/~username
l0rdphi1
06-17-2004, 11:14 AM
Hello,
You need to have
UserDir disabled in there.. otherwise I think it defaults to on or something :)
Phi1.
DirectAdmin Support
06-17-2004, 11:36 AM
Yep, that's what I'm putting in the new httpd.conf that's included with DA.
John
Webcart
06-22-2004, 05:52 PM
I didn't realize there was a special token, so I used the following line in /usr/local/directadmin/data/templates/custom/virtual_host.conf file:
ServerAlias www.|DOMAIN| |DOMAIN| |USER|.main.domain
where main.domain - is the main domain of the server.
By main domain I mean the domain belonging to admin account.
Main domain has a secure certificate, which is shared by all users.
The question now is how to use the shared certificate w/o user directory.
If the domains would have the ROOT directory that looks like
/home/DOMAINNAME/public_html, I could use an internal redirect to access DOMAINNAME as https://main.domain/users/DOMAINNAME/ , but I am not sure how to do that with the path structure we have right now.
I was wondering if it would be possible to make a special directory (for example, /etc/httpd/sites) where will be symb links to root directories of domains, like this
domain1.com => /home/USER1/domains/domain1.com
domain2.com => /home/USER1/domains/domain2.com
domain3.com => /home/USER2/domains/domain3.com
DirectAdmin Support
06-22-2004, 06:44 PM
Nifty trick :)
FYI, there is a new method available for ~username for 1.22.2:
http://www.directadmin.com/features.php?id=392
some httpd.conf changes are needed.. not too hard though :)
John
UltimeWWW
06-23-2004, 07:34 AM
Got this bug:
LogFormat takes 1-2 arguments, a log format string (see docs) and an optional format name
LogFormat "%b "%r"" homedir
Do I have to modify homedir or?
Webcart
06-23-2004, 09:53 AM
Thank you, that's a nice feature indeed, but all domains except default one remain inaccessible until propagated. Also, security-wise, I would be happier using full domain names than a username.
I could write a script (to be called from CRON, say, every 5 mins) that would go thru all directories in /home and create symb. links as described above, but this looks like unnecessary overhead on the servers with 200+ users.
DirectAdmin Support
06-23-2004, 10:26 AM
Hello,
all domains except default one remain inaccessible until propagated
As it has always been. You can change the main domain for the account by going to User Panel -> Domain Administration -> select the new domain and click "Set as Default".
LogFormat takes 1-2 arguments, a log format string (see docs) and an optional format name
Yes... I see two. When you put the text between quotes, it becomes 1 argument as 1 string. Just add it as seen in the example.
would be happier using full domain names than a username
One other option, actually quite a simple change, would be to add:
ServerAlias www.|DOMAIN| |DOMAIN|.serverhostname.com
to the virtual_host.conf templates (similar to the method used a few posts up) which would give you access to all domains before propagation.
John
Webcart
06-23-2004, 10:36 AM
Originally posted by DirectAdmin Support
Hello,
all domains except default one remain inaccessible until propagated
As it has always been.
That's why I put "feature request" subject in my post ;)
One other option, actually quite a simple change, would be to add:
ServerAlias www.|DOMAIN| |DOMAIN|.serverhostname.com
to the virtual_host.conf templates (similar to the method used a few posts up) which would give you access to all domains before propagation.
This works fine for non-secure URLs, but how one can access the site securely with the server shared certificate?
DirectAdmin Support
06-23-2004, 10:41 AM
This works fine for non-secure URLs, but how one can access the site securely with the server shared certificate?
Put it in the virtual_host_secure.conf too. :) Sure they'll get a popup, but it's still secure. If you're using ssl, it's going to be secure regardless if the certificate is verified or not.
John
Webcart
06-23-2004, 10:54 AM
Nah, I can't do that. We are hosting mostly e-commerce sites, if they see a popup called 'Security Alert' they will get cold feet regardless if the connection is secure or not :)
Originally posted by Webcart
Nah, I can't do that. We are hosting mostly e-commerce sites, if they see a popup called 'Security Alert' they will get cold feet regardless if the connection is secure or not :)
Then you should consider a wild-card ssl certificate, that will allow any subdomain to have ssl without the pop up. It costs quite a bit more, but if you really need the feature, then that would be your only other option.
nobaloney
06-23-2004, 12:06 PM
The primary purpose of a cert is to identify the site.
So there's no way to use a cert for one domain to secure another domain without a popup.
Sure you can buy a wildcard cert, for something such as *.example.com, so all subdomains of example.com will work securely without the popup, but I don't think you're going to get anyone to issue you a cert for *.com. or for *., and if they did that would make the whole Internet totally insecure.
Jeff
Webcart
06-23-2004, 12:37 PM
Originally posted by jlasman
The primary purpose of a cert is to identify the site.
Jeff
With all the respect, I don't think this is an accurate statement. For one, some secure certificates can be issued within minutes and do not require much authentification to be issued. For two, we only need a certificate to provide encrypted connection and we would happily use self signed certificates if they wouldn't trigger a pop up window, which is rather confusing for most non-techie users.
Right now, we offer secure links in the form https://serverhostname.com/~username for all our clients, but like I mentioned before, this only provides an access to 1 domain per user. This might be not a big deal for someone else, but for us it's a very serious limitation.
Webcart
06-23-2004, 12:44 PM
Originally posted by toml
Then you should consider a wild-card ssl certificate, that will allow any subdomain to have ssl without the pop up. It costs quite a bit more, but if you really need the feature, then that would be your only other option.
This is a good idea and we will probably use it for subdomains, but like jlasman said it will not work for the case described above.
As far as I know, there are only 2 ways to access one domain thru another:
1. UserDir (i.e., https://onedomain.com/~username)
2. Redirect via AliasMatch or RewriteRule
The first one has a limitation of making only 1 domain available and the second one needs ROOT directories of domains in the form
/home/DOMAINNAME/public_html
Originally posted by DirectAdmin Support
Yes... I see two. When you put the text between quotes, it becomes 1 argument as 1 string. Just add it as seen in the example.
I still get an error after manually adding
LogFormat "%b "%r"" homedir
to httpd.conf
Missing something.?
Jon
jmstacey
06-24-2004, 02:39 AM
I put this and it fixed the error. I'm not sure if it messes up the stats or not, but it got apache to start.
LogFormat "%b \"%r"\"" homedir
Originally posted by jmstacey
I put this and it fixed the error. I'm not sure if it messes up the stats or not, but it got apache to start.
LogFormat "%b \"%r"\" homedir
Are you referring to webalizer? Does it mess the stats up?
John - is this the correct format?
regards
Jon
Originally posted by jmstacey
I put this and it fixed the error. I'm not sure if it messes up the stats or not, but it got apache to start.
LogFormat "%b \"%r"\" homedir
I tried your method and it didn't work so looked at the LogFormat in the httpd.conf that exists already:
LogFormat "%h %l %u %t \"%r\" %>s %b" common
Changed mine to
LogFormat "%b \"%r\"" homedir
regards
Jon
DirectAdmin Support
06-25-2004, 01:11 PM
Hello,
You can have multiple LogFormats. If you've removed the "common" log format, you'll probably want to add it back :)
John
nobaloney
06-25-2004, 05:18 PM
Originally posted by Webcart
With all the respect, I don't think this is an accurate statement.
From my point of view, I agree with you. Today most of us think of a cert as only a method to secure data, and not to identify the site.
However it doesn't matter what you and I think. What matters is what certs were invented for, and why they exist.
Here (http://www.leave-me-alone.com/certificates.htm)'s a good example of what a cert is for.
And Thawte (https://control.valueweb.net/control/thawte/) says the same.
For one, some secure certificates can be issued within minutes and do not require much authentification to be issued. For two, we only need a certificate to provide encrypted connection and we would happily use self signed certificates if they wouldn't trigger a pop up window, which is rather confusing for most non-techie users.
Even the low-priced guys (such as InstantSSL, which we resell) believe in identity verification, as it really is the primary reason certificates were originally invented. We had to agree to verify all our customers before Comodo (InstantSSL) would let us approve certificates for our customers.
Right now, we offer secure links in the form https://serverhostname.com/~username for all our clients, but like I mentioned before, this only provides an access to 1 domain per user. This might be not a big deal for someone else, but for us it's a very serious limitation.
The limitations in certificates are designed into them to make it hard for people to pretend to be someone else; even the cheapest certs offer a $50 indemnity if their cert allows you to log into a website owned by someone other than whom they say it is.
The limitations in Apache, however, are easier to get around :) .
It's amazing what you can do with links. So perhaps that's what you need to look at.
Then you can set up your own structure, and allow multiple directories inside users; something such as this:
https://serverhostname.com/~username/domain
Jeff
Webcart
06-26-2004, 10:23 AM
Originally posted by jlasman
From my point of view, I agree with you. Today most of us think of a cert as only a method to secure data, and not to identify the site.
However it doesn't matter what you and I think. What matters is what certs were invented for, and why they exist.
I recognize good intentions behind this idea, but what really matters in commercial environment is how an idea can be put to work and the bottom line is that most people don't have a slight idea about certificates, but they get anxious when a window titled "Security alert" suddenly pops up.
And our clients running e-commerce sites are in line with that trend: so far, we have only 1 cert. installed on the server with 100+ domains (beside our shared cert, that is). People just don't like to pay for it and I can't say I blame them :)
It's amazing what you can do with links. So perhaps that's what you need to look at.
Then you can set up your own structure, and allow multiple directories inside users; something such as this:
https://serverhostname.com/~username/domain
Thanks, I thought about that a lot, I hate to beg for new features and prefer to do-it-yourself style when possible, but this little experiment turned out to be impractical: it's still too confusing for non-techie users for one, and it doesn't allow to make transparent move of sites to another server for two.
I will go with a script that maintains symb links to root directories for all domains, even though I have to call it from cron.
nobaloney
06-26-2004, 01:46 PM
Originally posted by Webcart
I recognize good intentions behind this idea, but what really matters in commercial environment is how an idea can be put to work and the bottom line is that most people don't have a slight idea about certificates, but they get anxious when a window titled "Security alert" suddenly pops up.
I agree with you here as well. But the cert issuers would never agree with you, and if they did, then the browser companies wouldn't allow their certs to be authoritative. And if they did the entire Internet community would probably be up in arms over it.
Certainly the low-priced companies who need "chain" or "root" certs have agreements in place with their chain/root cert suppliers that they're not allowed to do it with those chain/root certs.
Which is why we'll never see wildcard certs offered from cert vendors for the root "." domain or even a second-level domain such as .com.
So as I said, it doesn't matter what you or I think or would like to see.
And our clients running e-commerce sites are in line with that trend: so far, we have only 1 cert. installed on the server with 100+ domains (beside our shared cert, that is). People just don't like to pay for it and I can't say I blame them :)
They may not know they can get inexpensive certs. Certainly there's a price to be paid for security, whether it's locks/gates/alarms in a brick-and-mortar store, or a cert for an Internet-based store. We've never had a client flinch at the idea of a $50/year cert (we resell Comodo certs for a bit less than Comodo sells them for), and in fact, though we offer a shared cert, we're the only ones using it.
Our shared cert is for the "https://secure.ezsecureusa.com/" domain; click on it to see what you get.
To see it in work, try:
"https://secure.ezsecureusa.com/nobaloney/domains/"
In this case, secure.ezsecureusa.com is the site we bought the cert for, and nobaloney is the subdirectory we set up for the nobaloney.net domain. domains is a subdirectory set up in the nobaloney.net domain by the nobaloney.net webmaster for selling domains.
Because the folk who browse don't know to look for "https://secure.ezsecureusa.com/nobaloney/domains", we created a domain at "domains.nobaloney.net" and created a site redirection from the root directory to the secure.ezsecureusa.com directory.
We do all this ourselves for the users who require it (though as I mentioned above, so far no one uses it but us), and we create links so the user still loads and uploads to his private_html directory.
Jeff
sander815
06-29-2004, 12:17 PM
perl -pi -e 's/UserDir public_html/UserDir disabled/' /etc/httpd/conf/httpd.conf
adjusts only the current httpd.conf to this?:
<IfModule mod_userdir.c>
UserDir disabled
</IfModule>
and, how can i check the bandwidth is getting counted?
that there are entries in homedir.log?
Originally posted by sander815
and, how can i check the bandwidth is getting counted?
that there are entries in homedir.log?
tail -f /var/log/homedir
should give access to realtime logging.
rgds
Jon
yes, i know, but if there are entries like this: - "GET /~peugeotgti/forum/images/smiles/icon_confused.gif HTTP/1.1"
i can be sure its working?
l0rdphi1
07-01-2004, 03:55 AM
Hello,
The format is: %b "%r"
So you should end up with entries like this:
39716 "GET /~john/photography/cheese.jpg HTTP/1.1"
where 39716 is the bytes transferred and between the quotes is the actual request (the ~user bit is the only important part).
Phi1.
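Added example (not from the thread and not DirectAdmin's code): per-user accounting over a log in the `%b "%r"` format described above. The `domain: owner` layout of the owners file is assumed from the Perl script posted earlier in the thread; the first two log lines are the ones quoted in the thread, the rest, and the `.test` domains, are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Log lines in the `%b "%r"` format. First two are quoted in the thread,
# the others are constructed for this example.
SAMPLE_LOG = '''\
39716 "GET /~john/photography/cheese.jpg HTTP/1.1"
- "GET /~peugeotgti/forum/images/smiles/icon_confused.gif HTTP/1.1"
1024 "GET /~john HTTP/1.1"
2048 "GET /%7Ejohn/a.avi HTTP/1.1"
512 "GET /index.html HTTP/1.1"
300 "GET /~nosuchuser/x HTTP/1.1"
garbage line
'''

# Constructed owners file; "domain: owner" layout is an assumption taken
# from the Perl script in the thread.
SAMPLE_OWNERS = '''\
example-one.test: john
example-two.test: john
peugeot.test: peugeotgti
'''

# %b is the body size ("-" when no body was sent), %r is the raw request line.
LINE_RE = re.compile(r'^(\d+|-) "([A-Z]+) (\S+)(?: HTTP/[\d.]+)?"$')
# The user name is the path segment right after "/~".
USER_RE = re.compile(r'^/~([A-Za-z0-9_.-]+)(?:[/?]|$)')


def parse_owners(text):
    """Return the set of account names found in 'domain: owner' lines."""
    owners = set()
    for line in text.splitlines():
        _domain, sep, owner = line.partition(":")
        if sep and owner.strip():
            owners.add(owner.strip())
    return owners


def bytes_per_user(log_text, owners):
    """Sum body bytes per ~user; unknown names are collected under 'misc'.

    Returns (totals, skipped) where skipped counts lines that are not in
    the expected format.
    """
    totals = defaultdict(int)
    skipped = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1
            continue
        size, _method, target = m.groups()
        # %r is logged as received, so decode it the way the server does
        # before looking for the tilde (%7E is the same character).
        user_match = USER_RE.match(unquote(target))
        if not user_match:
            continue  # not a ~user request, nothing to charge
        nbytes = 0 if size == "-" else int(size)
        user = user_match.group(1)
        totals[user if user in owners else "misc"] += nbytes
    return dict(totals), skipped


if __name__ == "__main__":
    totals, skipped = bytes_per_user(SAMPLE_LOG, parse_owners(SAMPLE_OWNERS))
    for user, nbytes in sorted(totals.items()):
        print(f"{user}: {nbytes} bytes")
    print(f"unparsed lines: {skipped}")
```

Because `%b` excludes response headers, the totals are a lower bound on what actually left the server.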
gate2vn
01-08-2005, 09:05 PM
I have tried several ways
- # LoadModule, AddModule mod_userdir
- or enable LoadModule, AddModule, but have
<IfModule mod_userdir.c>
UserDir disabled
</IfModule>
but I still can access http://IP/~username. Is there any other way to disable this? In my cPanel box, I just unload mod_userdir, and no more access through IP.
thanks,
rogerdavis
09-22-2005, 12:09 AM
Originally posted by gate2vn
I have tried several ways
- # LoadModule, AddModule mod_userdir
- or enable LoadModule, AddModule, but have
<IfModule mod_userdir.c>
UserDir disabled
</IfModule>
but I still can access http://IP/~username. Is there any other way to disable this? In my cPanel box, I just unload mod_userdir, and no more access through IP.
thanks,
Yep I have tried all this too, and no way it works as DA just does not seem to do anything with whatever you put in that part of apache !! and you are correct it works fine in WHM.
Wish I could turn this feature off as it's a pain to keep searching for the sites that are taking the Micky in a crafty way.
Anyone got a fix for this problem ???
Les
ClayRabbit
09-22-2005, 01:47 AM
Try to comment out the occurrences of following string in your httpd.conf:
AliasMatch ^/~([^/]+)(/.*)* /home/$1/public_html$2
rogerdavis
09-22-2005, 09:28 AM
Originally posted by ClayRabbit
Try to comment out the occurrences of the following string in your httpd.conf:
AliasMatch ^/~([^/]+)(/.*)* /home/$1/public_html$2
I did
#AliasMatch ^/~([^/]+)(/.*)* /home/$1/public_html$2
or should I have just taken the /~ out of that line??
Thanks for that, it did work on DA. I did comment them out on the 80 and 443 port, but does this cause any other problems for SSL etc. by doing this hack?
Many thanks for your input into this matter. :)
Regards
Les
ClayRabbit
09-23-2005, 01:23 AM
I think this wouldn't cause any problems. This line is needed for ip/~username/ access only.
Chrysalis
09-23-2005, 10:28 AM
Hmm has anyone brought this to john's attention, I mean is this an actual outstanding bug?
--edit--
ok caught up now, so I have this.
ip/~userdir works but is logging in /var/log/httpd/userdir.log
www.somedomain.com/~userdir fails which is good :)
so I guess I am all good?
rogerdavis
09-23-2005, 11:45 AM
Originally posted by rogerdavis
I did
#AliasMatch ^/~([^/]+)(/.*)* /home/$1/public_html$2
or should I have just taken the /~ out of that line??
Thanks for that, it did work on DA. I did comment them out on the 80 and 443 port, but does this cause any other problems for SSL etc. by doing this hack?
Many thanks for your input into this matter. :)
Regards
Les
I have noticed that it's not logging the data and bandwidth anymore, so I am going to edit out the /~ in that line to see if that fixes it and stops access to /~ but puts the logging back on. Has anyone tried this?
Les
rogerdavis
09-23-2005, 02:13 PM
Originally posted by Chrysalis
Hmm has anyone brought this to john's attention, I mean is this an actual outstanding bug?
--edit--
ok caught up now, so I have this.
ip/~userdir works but is logging in /var/log/httpd/userdir.log
www.somedomain.com/~userdir fails which is good :)
so I guess I am all good?
OK, if you take the ~ out this stops the ip/~username and it will still log bandwidth OK, but they can still access by ip/username!!
But if you delete /~ in that line in Apache it works as you want it to but does not log bandwidth!! So DA must be pulling data from the / part off the web and not internally on the server, so has anyone played with anything else?
Regards
Les
Chrysalis
09-24-2005, 04:37 AM
Originally posted by rogerdavis
OK, if you take the ~ out this stops the ip/~username and it will still log bandwidth OK, but they can still access by ip/username!!
But if you delete /~ in that line in Apache it works as you want it to but does not log bandwidth!! So DA must be pulling data from the / part off the web and not internally on the server, so has anyone played with anything else?
Regards
Les
That's not the case here. If ~ is removed it would treat username as a subdir; the ~ is needed to access files owned by the user. And in my case it is logging this access and probably counting the traffic.
The domain/~username doesn't work, so it is disabled. So I don't see any problem; why are people worried?
ThanhBT
11-20-2006, 11:04 PM
Originally posted by xcensus
Hows about a time delay feature of say 48 hrs, you create a new account and they get 48hrs of http://ip/~accountname to use that feature before it gets automatically removed.
Great idea but anyone can do that?
If anybody can plz post it here, thanks
nobaloney
11-21-2006, 10:48 AM
Sure, rewrite linux :) .
Actually there's a setting you can make in your user-specific httpd.conf file, but the problem is that it gets rewritten from time to time.
The admin user can add it as custom code.
However don't forget that there are reasons why someone might need to use ~username after 48 hours; for example if s/he forgets to renew a domain name.
Or while moving to a new server.
Jeff
DirectAdmin Support
11-21-2006, 10:51 AM
The /home/username/public_html symbolic link is a magic key to making /~username work. If you delete it, then ~username will stop working. However, DA will occasionally (based on user actions, suspensions, or domain creations, etc.) recreate the public_html link, so deleting it would require some persistence in keeping it gone. (You would have to set up a cronjob to run every 5 minutes or so to make sure any "old" users don't have a public_html symbolic link.) It's a bit of a hack, but might work.
John
nobaloney
11-21-2006, 11:02 AM
John,
I was thinking about the apache configuration that automatically allows ~username to look in a user's directory for public_html.
I wasn't even thinking of removing it; of course we can do that; because we don't use it in httpd.conf to point to the html directory.
:)
Jeff
Manie
03-11-2009, 02:33 AM
Heya Guys,
I am reading into this and I have a request of a user to be able to serve images based from an ip instead of a domain.
Now I'm looking into it by using:
http://IP/~username/
The strange thing however is I keep getting 404 errors.
I looked into both httpd.conf and ips.conf and both have this line within the virtualHost:
AliasMatch ^/~([^/]+)(/.*)* /home/$1/public_html$2
Shouldn't that just redirect to the correct public_html?
I'm kinda stuck, so any insights into this would be very appreciated!
Regards,
Armand
DirectAdmin Support
03-11-2009, 11:02 AM
Hello,
That will redirect to:
/home/username/public_html
so it depends on where your username/public_html is linked to.
It may be linked to another domain in your account.
To set which one it's linked to, go to:
User Level -> Domain Setup -> check the domain and click "set as default".
John
Manie
03-11-2009, 03:21 PM
John:
I got a redirect to the correct directory.
lrwxrwxrwx 1 domaincom32 2007-04-04 19:50 public_html -> ./domains/domain.com/public_html
virtual1:/home/domaincom#
I however did what you told me to:
Your default domain has been set
Details
domain.com is now your default domain.
/~domaincom will now point to domain.com
However I get a 400 error (when not ending with trailing slash) and 404 when adding one.