UPSSET.CONF(5) NUT Manual UPSSET.CONF(5)

upsset.conf - Configuration for Network UPS Tools upsset.cgi

This file only does one job—it lets you convince upsset.cgi(8) that
your system’s CGI directory is secure. The program will not run until
this file has been properly defined.

upsset.cgi(8) allows you to try login name and password combinations.
There is no rate limiting, as the program shuts down between every
request. Such is the nature of CGI programs.

Normally, attackers would not be able to access your upsd(8) server
directly as it would be protected by the LISTEN directives in your
upsd.conf(5) file, tcp-wrappers (if available when NUT was built), and
hopefully local firewall settings in your OS.

upsset runs on your web server, so upsd will see it as a connection
from a host on an internal network. It doesn’t know that the connection
is actually coming from someone on the outside. This is why you must
secure it.

On Apache, you can use the .htaccess file or put the directives in your
httpd.conf. It looks something like this, assuming the .htaccess
method:

    <Files upsset.cgi>
    deny from all
    allow from your.network.addresses
    </Files>

You will probably have to set "AllowOverride Limit" for this directory
in your server-level configuration file as well.

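The same restriction in Apache 2.4 syntax, where the deny/allow
directives above are only available through mod_access_compat. This is
an added example, not part of the NUT manual; the directory path and
the 192.0.2.0/24 network are placeholders to replace with your own.

```apache
# Added example, not from the NUT manual.
# Placeholders (assumptions): /usr/lib/cgi-bin and 192.0.2.0/24.
# Goes in httpd.conf or a virtual host, Apache 2.4 (mod_authz_core,
# mod_authz_host).
<Directory "/usr/lib/cgi-bin">
    # Keep a .htaccess file in this directory from loosening the rule.
    AllowOverride None

    <Files "upsset.cgi">
        # Requests from any other address are refused with 403 before
        # upsset.cgi is started, so they never reach upsd.
        Require ip 192.0.2.0/24
    </Files>
</Directory>
```

If you keep the rule in .htaccess instead, the Require line needs
"AllowOverride AuthConfig" rather than Limit. Request the page from an
address outside the list and confirm that the server answers 403.
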
If this doesn’t make sense, then stop reading and leave this program
alone. It’s not something you absolutely need to have anyway.

Assuming you have all this done, and it actually works (test it!), then
you may add the following directive to this file:

    I_HAVE_SECURED_MY_CGI_DIRECTORY

If you lie to the program and someone beats on your upsd through your
web server, don’t blame me.

upsset.cgi(8)

Internet resources:
The NUT (Network UPS Tools) home page: http://www.networkupstools.org/

Network UPS Tools 09/15/2011 UPSSET.CONF(5)