That's not really an easy answer. That completely eliminates the web access of RANCID, which eliminates the ability to view differences between two archived configurations.<div><br></div><div>The real answer is to configure the web server to do the appropriate authentication and authorization so that a username and password is required to view configurations. That's something you have to refer to your web server's documentation for.</div>
<div><br></div><div>oo</div><div><br><div class="gmail_quote">2010/4/8 <span dir="ltr">&lt;<a href="mailto:Dan_Mitton@ymp.gov">Dan_Mitton@ymp.gov</a>&gt;</span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<br><font size="2" face="sans-serif">Nicky,</font>
<br>
<br><font size="2" face="sans-serif">What OS are we talking about? The
easy answer is to remove cvsweb.cgi, but if you don't want to do that,
make sure that your web server and rancid processes run with separate user
IDs and that the two cannot read each other's files.</font>
<br>
<br><font size="2" face="sans-serif">Dan</font>
<br>
<br>
<br>
<p><font size="1" color="#800080" face="sans-serif">Sent by:
<a href="mailto:rancid-discuss-bounces@shrubbery.net" target="_blank">rancid-discuss-bounces@shrubbery.net</a></font>
</p><p><font size="1" color="#800080" face="sans-serif">To:
</font><font size="1" face="sans-serif"><a href="mailto:rancid-discuss@shrubbery.net" target="_blank">rancid-discuss@shrubbery.net</a></font>
<br><font size="1" color="#800080" face="sans-serif">cc:
</font><font size="1" face="sans-serif">(bcc: Dan Mitton/YD/RWDOE)</font>
<br><font size="1" color="#800080" face="sans-serif">Subject:
</font><font size="1" face="sans-serif">[rancid] No
Password required to read Configs.</font>
</p><div align="right">
<br></div><div><div></div><div class="h5">
<br><font size="3">Hi All,<br>
<br>
We have a Rancid installation on an internal IP. Everything is pretty
much default and only our Cisco devices are managed through Rancid.
I just noticed a truck-sized hole in my config, however. <br>
<br>
If you enter </font><a href="http://192.168.32.2/cgi-bin/cvsweb.cgi/" target="_blank"><font size="3" color="blue"><u>http://192.168.32.2/cgi-bin/cvsweb.cgi/</u></font></a></div></div><font size="3">
on your browser, you can access the config files for all our devices without
a password.<div><div></div><div class="h5"><br>
<br>
I have limited the IPs which can reach port 80 but that is far from enough.
What must I change to protect this data? Is there a howto?
Did I miss a section of the installation manual? <br>
<br></div></div>
Nicky.</font><tt><font size="2">_______________________________________________<br>
Rancid-discuss mailing list<br>
<a href="mailto:Rancid-discuss@shrubbery.net" target="_blank">Rancid-discuss@shrubbery.net</a><br>
</font></tt><a href="http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss" target="_blank"><tt><font size="2">http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss</font></tt></a>
<br>
<br></blockquote></div><br></div>
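<p>The web-server authentication suggested in the reply at the top of this thread could look like the following on Apache httpd 2.4. This is an added example, not part of the original messages; the choice of Apache, the password-file path and the management subnet are assumptions, and only the cvsweb URL path comes from the question.</p>

```apache
# Added example for Apache httpd 2.4; not from the original thread.
# Assumptions: cvsweb is served at /cgi-bin/cvsweb.cgi (the path in the
# question), mod_auth_basic and mod_authn_file are loaded, and the
# password-file path and subnet below are placeholders to adapt.

# Without a block like this, the CGI answers every client that can
# reach the web server's port, which is the exposure described above.

# Require a valid account AND a source address on the management
# network for cvsweb and everything beneath it (path info included).
<Location "/cgi-bin/cvsweb.cgi">
    AuthType Basic
    AuthName "RANCID configuration archive"
    AuthBasicProvider file
    # Placeholder path: keep this file outside the document root.
    AuthUserFile "/etc/apache2/rancid.htpasswd"
    <RequireAll>
        Require valid-user
        # Placeholder subnet: restrict to the hosts that need access.
        Require ip 192.168.32.0/24
    </RequireAll>
</Location>
```

<p>Create the password file with <code>htpasswd</code> and serve this location over TLS, since Basic credentials are only base64-encoded on the wire. After reloading, an unauthenticated request to the cvsweb URL should return 401 instead of the repository listing.</p>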