Sunday, November 4, 2007

Serve home directories to internal IPs only with lighttpd

Recently, I decided I wanted to share home directories via HTTP with everyone on my home network. This is an easy way to share files with Windows machines where you don't have any type of sshfs-like support. The problem was that this file/web server also faces the Internet. Obviously I don't want to share our personal files with anybody who cares to look. After a bit of playing, I came up with this configuration:

    $HTTP["remoteip"] != "192.168.1.0/24" {
        $HTTP["url"] =~ "^/~" {
            url.access-deny = ( "" )
            dir-listing.activate = "disable"
        }
    }

This allows any host with an IP in the 192.168.1.1-254 range to view any URL that begins with /~username. Everyone else is denied with a 403 Forbidden response. Note that for some reason, listing the conditions in the opposite order (url first, remoteip second) did not produce the correct results.

Finally, make sure that you have both of the appropriate modules enabled:

server.modules += ( "mod_access", "mod_userdir" )
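
A small model of the rule above, added here as an example (it is not part of the original post and not lighttpd's own code). It assumes the /24 match is a plain CIDR comparison; the client addresses, paths and `server.example` are constructed placeholders. It lists which client/path pairs the nested block denies, including the edges of the /24 and of the `^/~` anchor.

```python
# Added example: model of the access rule from the post (not lighttpd code).
import ipaddress
import re
import urllib.error
import urllib.request

INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")  # network from the post
USERDIR_RE = re.compile(r"^/~")                        # URL pattern from the post


def rule_denies(remote_ip: str, path: str) -> bool:
    """True when both nested conditions match, i.e. the request gets a 403."""
    outside = ipaddress.ip_address(remote_ip) not in INTERNAL_NET
    return outside and USERDIR_RE.search(path) is not None


def expected_status(remote_ip: str, path: str) -> str:
    # "pass" only means this rule does not deny; the file may still be a 404.
    return "403" if rule_denies(remote_ip, path) else "pass"


def live_status(base_url: str, path: str) -> int:
    """Request path from a running server and return the HTTP status code."""
    try:
        with urllib.request.urlopen(base_url + path, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


# Constructed sample clients and paths, chosen to sit on the rule's edges.
CLIENTS = ["192.168.1.10", "192.168.1.0", "192.168.1.255",
           "192.168.0.255", "192.168.2.1", "203.0.113.7"]
PATHS = ["/~alice/", "/~", "/index.html", "/docs/~alice"]


def matrix() -> dict:
    """Expected outcome for every (client IP, path) combination."""
    return {(ip, p): expected_status(ip, p) for ip in CLIENTS for p in PATHS}


if __name__ == "__main__":
    for (ip, p), outcome in matrix().items():
        print(f"{ip:15} {p:14} {outcome}")
    # To compare against the real server, run from a host outside the LAN:
    # live_status("http://server.example", "/~alice/")  # placeholder host
```

Run `live_status` once from inside the LAN and once from an outside host, then compare the results with the matching rows of the matrix.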
