l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
June 2: Social gathering
Next Installfest:
Latest News:
May. 19: LUGOD special elections
Page last updated:
2001 Dec 30 17:03

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] apache security question
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] apache security question

On Sun, Apr 15, 2001 at 12:28:29PM -0700, Gabriel Rosa wrote:
> I _believe_
> <Directory />
>     Options FollowSymLinks
>     AllowOverride None
> </Directory>
> is close to what you have. You probably have a "Indexes" under "Options".
> httpd.conf should be pretty well documented regarding this.
> This is from our own web server, which denies dir listings.
> hope this helps
> -Gabe
> On Sun, 15 Apr 2001, Peter Jay Salzman wrote:

Here's a snippet from my conffile that does what you want:

<Directory /var/www>
        # CGI scripts may live anywhere. No automatic directory indexes for extra
        # security. Add 'Indexes' to turn them back on.
        Options FollowSymLinks ExecCGI

        # This controls which options the .htaccess files in directories can
        # override. Can also be "All", or any combination of "Options", "FileInfo", 
        # "AuthConfig", and "Limit"
        AllowOverride All

        # Anyone can retrieve the files in /var/www.
        order allow,deny
        allow from all

Also, I suggest you add this:

# Do not allow retrieval of any files that begin with '.' or '_'
<FilesMatch "^[._]">
        order allow,deny
        deny from all

Henry House
OpenPGP key available from http://hajhouse.org/hajhouse.asc

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
O'Reilly and Associates
For numerous book donations.