'\" t .\" Title: upsset.conf .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.75.2 .\" Date: 10/09/2011 .\" Manual: NUT Manual .\" Source: Network UPS Tools .\" Language: English .\" .TH "UPSSET\&.CONF" "5" "10/09/2011" "Network UPS Tools" "NUT Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" upsset.conf \- Configuration for Network UPS Tools upsset\&.cgi .SH "DESCRIPTION" .sp This file only does one job\(emit lets you convince \fBupsset.cgi\fR(8) that your system\(cqs CGI directory is secure\&. The program will not run until this file has been properly defined\&. .SH "SECURITY REQUIREMENTS" .sp \fBupsset.cgi\fR(8) allows you to try login name and password combinations\&. There is no rate limiting, as the program shuts down between every request\&. Such is the nature of CGI programs\&. .sp Normally, attackers would not be able to access your \fBupsd\fR(8) server directly as it would be protected by the LISTEN directives in your \fBupsd.conf\fR(5) file, tcp\-wrappers (if available when NUT was built), and hopefully local firewall settings in your OS\&. .sp \fBupsset\fR runs on your web server, so upsd will see it as a connection from a host on an internal network\&. It doesn\(cqt know that the connection is actually coming from someone on the outside\&. This is why you must secure it\&. .sp On Apache, you can use the \&.htaccess file or put the directives in your httpd\&.conf\&. It looks something like this, assuming the \&.htaccess method: .sp .if n \{\ .RS 4 .\} .nf deny from all allow from your\&.network\&.addresses .fi .if n \{\ .RE .\} .sp You will probably have to set "AllowOverride Limit" for this directory in your server\-level configuration file as well\&. .sp If this doesn\(cqt make sense, then stop reading and leave this program alone\&. It\(cqs not something you absolutely need to have anyway\&. .sp Assuming you have all this done, and it actually works (test it!), then you may add the following directive to this file: .sp .if n \{\ .RS 4 .\} .nf I_HAVE_SECURED_MY_CGI_DIRECTORY .fi .if n \{\ .RE .\} .sp If you lie to the program and someone beats on your upsd through your web server, don\(cqt blame me\&. .SH "SEE ALSO" .sp \fBupsset.cgi\fR(8) .SS "Internet resources:" .sp The NUT (Network UPS Tools) home page: http://www\&.networkupstools\&.org/