Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
UPSSET.CONF(5)			  NUT Manual			UPSSET.CONF(5)

NAME
       upsset.conf - Configuration for Network UPS Tools upsset.cgi

DESCRIPTION
       This file only does one job -- it lets you convince upsset.cgi(8) that
       your system's CGI directory is secure. The program will not run until
       this file has been properly defined.

IMPORTANT NOTES
          Contents of this file should	be pure	ASCII (character codes not in
	   range would be ignored with a warning message).

SECURITY REQUIREMENTS
       upsset.cgi(8) allows you	to try login name and password combinations.
       There is	no rate	limiting, as the program shuts down between every
       request.	Such is	the nature of CGI programs.

       Credentials are provided	to upsset.cgi as part of your browsing
       session,	so it is highly	recommended to set up HTTPS on the web server;
       ways to do so are outside the scope of this document.

       Normally, attackers would not be	able to	access your upsd(8) server
       directly, as it would be	protected by the LISTEN	directives in your
       upsd.conf(5) file, tcp-wrappers (if available when NUT was built), and
       hopefully local firewall	settings in your OS.

       upsset runs on your web server, so upsd will see	it as a	connection
       from a host on an internal network. It doesn't know that	the connection
       is actually initiated by	someone	further	outside. This is why you must
       secure it.

       On Apache, you can use the .htaccess file or put	the directives in your
       httpd.conf. It looks something like this, assuming the .htaccess	method
       for older Apache	releases:

	   <Files upsset.cgi>
		   deny	from all
		   allow from your.network.addresses
	   </Files>

       You will	probably have to set AllowOverride Limit for this directory in
       your server-level configuration file as well.

       Modern Apache enjoys a more detailed syntax, like this:

	   ScriptAlias /upsstats.cgi /usr/share/nut/cgi/upsstats.cgi
	   ScriptAlias /upsset.cgi /usr/share/nut/cgi/upsset.cgi
	   <Directory "/usr/share/nut/cgi">
		 Options +Includes +ExecCGI
		 AllowOverride Limit
		 <RequireAny>
		     Require local
		     Require ip	aa.bb.cc.dd/nn
		 </RequireAny>
	   </Directory>

       If this doesn't make sense, then	stop reading and leave this program
       alone. It's not something you absolutely	need to	have anyway.

       Assuming	you have all this done,	and it actually	works (test it!), then
       you may add the following directive to this file:

	   I_HAVE_SECURED_MY_CGI_DIRECTORY

       If you lie to the program and someone beats on your upsd	through	your
       web server, don't blame me.

SEE ALSO
       upsset.cgi(8)

   Internet resources:
       The NUT (Network	UPS Tools) home	page: https://www.networkupstools.org/

Network	UPS Tools 2.8.2.	  04/17/2025			UPSSET.CONF(5)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=upsset.conf&sektion=5&manpath=FreeBSD+Ports+14.3.quarterly>

home | help