• Two questions regarding web interface

    From Karloch@1:103/705 to All on Mon Jan 14 01:13:20 2019
    Hi *.*,

    I have two questions regarding the Synchronet web interface:

    * Is it possible to disable or make less verbose the log to syslog? It usually floods it and makes harder to follow up the other services. Even if I disable the HTTP_LOGGING in sbbs.ini, it still logs to the syslog.
    * Is it possible to use ACLs to restict message areas for users accessing through web interface? For instance, I would like to make FidoNet only accesible from Telnet or SSH, not web.

    Regards,
    Carlos

    ---
    þ Synchronet þ HISPAMSX BBS - The 8-bit MSX computers BBS - 2:341/111@fidonet
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From echicken@1:103/705 to Karloch on Sun Jan 13 22:10:03 2019
    Re: Two questions regarding web interface
    By: Karloch to All on Mon Jan 14 2019 01:13:20

    * Is it possible to disable or make less verbose the log to syslog? It usually floods it and makes harder to follow up the other services. Even if I disable the HTTP_LOGGING in sbbs.ini, it still logs to the syslog.

    Do you have a LogLevel set in the [Web] section of sbbs.ini? If not, it's defaulting to whatever your global setting is (I think).

    * Is it possible to use ACLs to restict message areas for users accessing through web interface? For instance, I would like to make FidoNet only accesible from Telnet or SSH, not web.

    It's *possible* that you could use the Access Requirements setting for a group or sub to accomplish this, but I'm not sure if there's a good way to do this. DigitalMan might have some thoughts. Maybe the Connect Rate or Node Number requirements could be used.

    At the moment the best you can do is prevent your guest user from reading those
    areas, so that unautenticated clients (such as web crawlers) can't see them. You can have a different guest user for web vs. the rest of your BBS (the 'guest' setting in the [web] section of modopts.ini).

    I could add a whitelist/blacklist setting to hide groups or subs, but it would be a bit inelegant.

    ---
    echicken
    electronic chicken bbs - bbs.electronicchicken.com - 416-425-5435
    þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Karloch on Mon Jan 14 00:44:36 2019
    Re: Two questions regarding web interface
    By: Karloch to All on Mon Jan 14 2019 01:13 am

    Hi *.*,

    I have two questions regarding the Synchronet web interface:

    * Is it possible to disable or make less verbose the log to syslog? It usually floods it and makes harder to follow up the other services. Even if I disable the HTTP_LOGGING in sbbs.ini, it still logs to the syslog.

    The HTTP_LOGGING option is for the creation of the standard "http access log files", in data/logs. If you're not using these for any purpose (e.g. collecting statistics or using 3rd party monitoring software), I recommend you disable that option. It will just fill your disk with unused files otherwise:

    rswindell@cvs:/sbbs/data/logs$ ll http-*.log
    -bash: /bin/ls: Argument list too long

    * Is it possible to use ACLs to restict message areas for users accessing through web interface? For instance, I would like to make FidoNet only accesible from Telnet or SSH, not web.

    There is a "PROT" (protocl) ARS keyword: http://wiki.synchro.net/access:requirements

    So you could set a message group or sub-board to have an Access Requirements of
    "PROT != HTTP AND PROT != HTTPS" for example.

    You might be able to accomplish what you want by just restricting to authenticated users: "USER 1 AND !GUEST", as web users are unuathenticated (User 0) or Guest by default. That might be preferable.

    digital man

    Synchronet "Real Fact" #57:
    Synchronet introduced Telnet, FTP, SMTP and POP3 support w/v3.00a-Win32 in 2000.
    Norco, CA WX: 52.3øF, 69.0% humidity, 0 mph WSW wind, 0.00 inches rain/24hrs --- SBBSecho 3.06-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Karloch@1:103/705 to echicken on Tue Jan 15 00:23:29 2019
    Re: Two questions regarding web interface
    By: echicken to Karloch on Sun Jan 13 2019 22:10:03

    Do you have a LogLevel set in the [Web] section of sbbs.ini? If not, it's defaulting to whatever your global setting is (I think).

    That made the trick. I didn't know I could set loglevel by service. Quite useful! My log was flooded with web logging :)

    Thank you,
    Carlos

    ---
    þ Synchronet þ HISPAMSX BBS - The 8-bit MSX computers BBS - 2:341/111@fidonet
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Karloch@1:103/705 to Digital Man on Tue Jan 15 00:27:42 2019
    Re: Two questions regarding web interface
    By: Digital Man to Karloch on Mon Jan 14 2019 00:44:36

    There is a "PROT" (protocl) ARS keyword: http://wiki.synchro.net/access:requirements

    That was just what I was looking for! I missed that in the documentation.

    So you could set a message group or sub-board to have an Access Requirements of "PROT != HTTP AND PROT != HTTPS" for example.

    In my case for FidoNet area would be something like "!GUEST AND PROT != HTTP and PROT != HTTPS", but it looks like I run out of characters for the ARS key word. Is the designed behavior? Must I restrict to what fits in the string?

    You might be able to accomplish what you want by just restricting to authenticated users: "USER 1 AND !GUEST", as web users are unuathenticated (User 0) or Guest by default. That might be preferable.

    That would be another option, but R34 area discourages any kind of web gateway;
    I guess they have their point. What I do not understand is the "USER 1 AND !GUEST". By writting USER 1 am I not referencing the sysop?

    Regards,
    Carlos

    ---
    þ Synchronet þ HISPAMSX BBS - The 8-bit MSX computers BBS - 2:341/111@fidonet
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Digital Man@1:103/705 to Karloch on Mon Jan 14 19:35:15 2019
    Re: Two questions regarding web interface
    By: Karloch to Digital Man on Tue Jan 15 2019 12:27 am

    Re: Two questions regarding web interface
    By: Digital Man to Karloch on Mon Jan 14 2019 00:44:36

    There is a "PROT" (protocl) ARS keyword: http://wiki.synchro.net/access:requirements

    That was just what I was looking for! I missed that in the documentation.

    So you could set a message group or sub-board to have an Access Requirements of "PROT != HTTP AND PROT != HTTPS" for example.

    In my case for FidoNet area would be something like "!GUEST AND PROT !=
    HTTP
    and PROT != HTTPS", but it looks like I run out of characters for the ARS key word. Is the designed behavior? Must I restrict to what fits in the string?

    The strings are limited in length, but there are plenty of shorthand reprenstations (e.g. "&" intead of "AND", "$U" instead of "USER") and you can remove the spaces.

    You might be able to accomplish what you want by just restricting to authenticated users: "USER 1 AND !GUEST", as web users are unuathenticated (User 0) or Guest by default. That might be preferable.

    That would be another option, but R34 area discourages any kind of web gateway; I guess they have their point.

    I'm pretty sure they're referring to anonymous-web gateways (e.g. to keep the msgs out of the eyes of web crawling bots).

    What I do not understand is the
    "USER 1 AND !GUEST". By writting USER 1 am I not referencing the sysop?

    No. The default logic is "greater than or equal", so an ARS of "USER 1" is saying "user number greater than or equal to 1", thus excluding user number 0 (an unauthenticated user) from meeting the requirement.

    digital man

    Synchronet/BBS Terminology Definition #40:
    KD = King Drafus (Allen Christiansen)
    Norco, CA WX: 48.8øF, 94.0% humidity, 0 mph WSW wind, 0.31 inches rain/24hrs --- SBBSecho 3.06-Linux
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From mark lewis@1:3634/12.73 to Karloch on Tue Jan 15 14:22:44 2019

    On 2019 Jan 15 00:23:28, you wrote to echicken:

    Do you have a LogLevel set in the [Web] section of sbbs.ini? If not,
    it's defaulting to whatever your global setting is (I think).

    That made the trick. I didn't know I could set loglevel by service.
    Quite useful! My log was flooded with web logging :)

    i use methods like this to limit what i'm monitoring or looking for... the following are for following the logs live...

    # tail full synchronet logging
    tail -F /var/log/syslog | egrep -e "synchronet:"

    # tail only synchronet event logging
    tail -F /var/log/syslog | egrep -e "synchronet: evnt "

    # tail only synchronet ftp logging
    tail -F /var/log/syslog | egrep -e "synchronet: ftp "

    #tail only synchronet mail logging
    tail -F /var/log/syslog | egrep -e "synchronet: mail "

    # tail only synchronet services logging
    tail -F /var/log/syslog | egrep -e "synchronet: srvc "

    # tail only synchronet terminal logging
    tail -F /var/log/syslog | egrep -e "synchronet: term "

    # tail only synchronet web logging
    tail -F /var/log/syslog | egrep -e "synchronet: web "


    )\/(ark

    Always Mount a Scratch Monkey
    Do you manage your own servers? If you are not running an IDS/IPS yer doin' it wrong...
    ... We hired you to baby sit. You cooked and ate them BOTH?
    ---
    * Origin: (1:3634/12.73)
  • From Karloch@1:103/705 to Digital Man on Wed Jan 16 00:53:29 2019
    Re: Two questions regarding web interface
    By: Digital Man to Karloch on Mon Jan 14 2019 19:35:15

    The strings are limited in length, but there are plenty of shorthand reprenstations (e.g. "&" intead of "AND", "$U" instead of "USER") and you can remove the spaces.

    That indeed comes handy, no problems so far definind ARS string :)

    I'm pretty sure they're referring to anonymous-web gateways (e.g. to keep the msgs out of the eyes of web crawling bots).

    That makes sense, I will follow your tip and just cut down unauthenticated and unapproved access (I use the N restriction for unapproved users).

    No. The default logic is "greater than or equal", so an ARS of "USER 1" is saying "user number greater than or equal to 1", thus excluding user
    number
    0 (an unauthenticated user) from meeting the requirement.

    Quite clear now, thank you! :)

    Thank you!
    Carlos

    ---
    þ Synchronet þ HISPAMSX BBS - The 8-bit MSX computers BBS - 2:341/111@fidonet
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Karloch@1:103/705 to mark lewis on Wed Jan 16 20:08:48 2019
    Re: Two questions regarding web interface
    By: mark lewis to Karloch on Tue Jan 15 2019 14:22:44

    i use methods like this to limit what i'm monitoring or looking for... the following are for following the logs live...

    Valid ones indeed, but I want to avoid the file log growing too much in a short
    time. Decreasing web verbosity to 4 (warnings) is just what I was looking for.

    Thanks anyway!
    Carlos

    ---
    þ Synchronet þ HISPAMSX BBS - The 8-bit MSX computers BBS - 2:341/111@fidonet
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From mark lewis@1:3634/12.73 to Karloch on Thu Jan 17 03:49:38 2019

    On 2019 Jan 16 20:08:48, you wrote to me:

    i use methods like this to limit what i'm monitoring or looking
    for... the following are for following the logs live...

    Valid ones indeed, but I want to avoid the file log growing too much
    in a short time.

    on the one hand, i can understand that :)

    Decreasing web verbosity to 4 (warnings) is just what I was looking
    for.

    i'm glad you found a solution... me? i let logrotate handle archiving the file if it is larger than specified in the logrotate script... i just changed mine to retain 45 days (IIRC) of logs so i might have time to go back and look for possible problems and even trends in activities ;)

    )\/(ark

    Always Mount a Scratch Monkey
    Do you manage your own servers? If you are not running an IDS/IPS yer doin' it wrong...
    ... Nothing is more despicable than respect based on fear.
    ---
    * Origin: (1:3634/12.73)
  • From Karloch@1:103/705 to mark lewis on Sun Jan 20 17:20:03 2019
    Re: Two questions regarding web interface
    By: mark lewis to Karloch on Thu Jan 17 2019 03:49:38

    i'm glad you found a solution... me? i let logrotate handle archiving the file if it is larger than specified in the logrotate script... i just changed mine to retain 45 days (IIRC) of logs so i might have time to go back and look for possible problems and even trends in activities ;)

    Logrotate, that was a really good idea! I already put that intro production, very handy. Thanks for the suggestion :)

    Regards,
    Carlos

    ---
    þ Synchronet þ HISPAMSX BBS - The 8-bit MSX computers BBS - 2:341/111@fidonet
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)