Re: [vox-tech] apache security question
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [vox-tech] apache security question
On Sun, Apr 15, 2001 at 12:28:29PM -0700, Gabriel Rosa wrote:
> I _believe_
>
> <Directory />
> Options FollowSymLinks
> AllowOverride None
> </Directory>
>
> is close to what you have. You probably have a "Indexes" under "Options".
> httpd.conf should be pretty well documented regarding this.
>
> This is from our own web server, which denies dir listings.
>
> hope this helps
>
> -Gabe
>
> On Sun, 15 Apr 2001, Peter Jay Salzman wrote:
Here's a snippet from my conffile that does what you want:
<Directory /var/www>
# CGI scripts may live anywhere. No automatic directory indexes for extra
# security. Add 'Indexes' to turn them back on.
Options FollowSymLinks ExecCGI
# This controls which options the .htaccess files in directories can
# override. Can also be "All", or any combination of "Options", "FileInfo",
# "AuthConfig", and "Limit"
AllowOverride All
# Anyone can retrieve the files in /var/www.
order allow,deny
allow from all
</Directory>
Also, I suggest you add this:
# Do not allow retrieval of any files that begin with '.' or '_'
<FilesMatch "^[._]">
order allow,deny
deny from all
</FilesMatch>
--
Henry House
OpenPGP key available from http://hajhouse.org/hajhouse.asc
|
