ruTorrent + SCGI + https

dsouvik215

Member
May 25, 2018
896
0
16
Hello fellow rutorrent users,

Recently I have installed rutorrent + rtorrent and... wow...NICE!!!

I followed a guide to how to setup rtorrent + rutorrent + login in webinterface.
All was setup well, all seemed to work, but... (always a but...)
As a android user, I've tried to access rtorrent (through /RPC2 port), without password... and... wow, It was working...
I asked myself: what is the use to have a login on the Web interface, if anyone can access rtorrent directly through the RPC2 port? (I think its no use...)

so... Does anyone knows I can I protect this?
(Have a login for the webpage, and for the RPCport?)

(PS: I have rtorrent running with a single login, and 3 users. users can see all torrents downloading, from all users, and I want it like this. But how can I setup diferent access rules, for example, one user can change upload and download speed, but the others dont? - No problem if I have to have multiple logins for each user)

Thanks in advance!
 

das329717

Member
May 25, 2018
928
0
16
you can do a couple things.

First of all, which webserver are you using. You likely didn't set up auth correctly.

Secondly, you could remove SCGI entirely and use the httprpc or rpc plugin. This handles everything via php
 

dsouvik215

Member
May 25, 2018
896
0
16
Quote
you can do a couple things.

First of all, which webserver are you using. You likely didn't set up auth correctly.

Secondly, you could remove SCGI entirely and use the httprpc or rpc plugin. This handles everything via php



Forgot about that, sorry.

I'm using apache2 in ubuntu server 32bits.

I would like to use with SCGI, or alternatives that allow me to connect rtorrent with my Android (I'm using Transdroid to connect to rTorrent)


Thanks
 

jith45

Member
May 25, 2018
960
0
16
Quote
Does anyone knows I can I protect this?​


Make sure your RPC mounts are inside a location which requires authorisation

So either make sure that authorisation is required at root level using something like this

Code:
<Location />
Require valid-user
:
: etc...

Or change your SCGI mount points - So if you access RuTorrent with something like http://example.com/rutorrent and your <Location> block looks something like this
Code:
<Location /rutorrent/>
Require valid-user
:
: etc...

Do something like this in httpd.conf -
Code:
SCGIMount /rutorrent/RPC2 127.0.0.1:5002

Don't forget to edit the rtorrent and RuTorrent config files to match