I added a navigation menu at the top of the page, to make it easier to work your way through the document.
Index: httpd-docs-1.3/htdocs/manual/misc/security_tips.html =================================================================== RCS file: /home/cvspublic/httpd-docs-1.3/htdocs/manual/misc/security_tips.html,v retrieving revision 1.23 diff -u -r1.23 security_tips.html --- httpd-docs-1.3/htdocs/manual/misc/security_tips.html 2001/09/24 01:36:41 1.23 +++ httpd-docs-1.3/htdocs/manual/misc/security_tips.html 2001/10/02 03:52:19 @@ -15,6 +15,23 @@ <!--#include virtual="header.html" --> <H1 ALIGN="CENTER">Security Tips for Server Configuration</H1> + +<ul> +<li><a href="#serverroot">Permissions on ServerRoot Directories</a></li> + +<li><a href="#ssi">Server Side Includes</a> + +<li><a href="#nsaliasedcgi">Non Script Aliased CGI</a></li> + +<li><a href="#saliasedcgi">Script Aliased CGI</a></li> + +<li><a href="#cgi">CGI in General</a></li> + +<li><a href="#systemsettings">Protecting System Settings</a></li> + +<li><a href="#protectserverfiles">Protect Server Files by Default</a></li> +</ul> + <HR> <P>Some hints and tips on security issues in setting up a web server. Some of @@ -69,7 +86,7 @@ may be able to overwrite the log itself with bogus data. <P> <HR> -<H2>Server Side Includes</H2> +<h2><a name="ssi">Server Side Includes</a></h2> <P>Server side includes (SSI) can be configured so that users can execute arbitrary programs on the server. That thought alone should send a shiver down the spine of any sys-admin.<P> @@ -80,7 +97,7 @@ <HR> -<H2>Non Script Aliased CGI</H2> +<h2><a name="nsaliasedcgi">Non Script Aliased CGI</a></h2> <P>Allowing users to execute <STRONG>CGI</STRONG> scripts in any directory should only be considered if; @@ -93,7 +110,7 @@ </OL><P> <HR> -<H2>Script Alias'ed CGI</H2> +<h2><a name="saliasedcgi">Script Aliased CGI</a></h2> <P>Limiting <STRONG>CGI</STRONG> to special directories gives the admin control over what goes into those directories. This is inevitably more secure than 
@@ -104,7 +121,7 @@ Most sites choose this option over the non script aliased CGI approach.<P> <HR> -<H2>CGI in general</H2> +<h2><a name="cgi">CGI in General</a></h2> <P>Always remember that you must trust the writers of the CGI script/programs or your ability to spot potential security holes in CGI, whether they were deliberate or accidental.<P> @@ -121,7 +138,7 @@ <HR> -<H2>Stopping users overriding system wide settings...</H2> +<h2><a name="systemsettings">Protecting System Settings</a></h2> <P>To run a really tight ship, you'll want to stop users from setting up <CODE>.htaccess</CODE> files which can override security features you've configured. Here's one way to do it...<P> @@ -141,7 +158,7 @@ from those named.<P> <HR> <H2> - Protect server files by default +<a name="protectserverfiles">Protect Server Files by Default</a> </H2> <P> One aspect of Apache which is occasionally misunderstood is the feature
-- Allan Liska [EMAIL PROTECTED] http://www.allan.org
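Review bot: In the first hunk (@@ -15,6 +15,23 @@) the menu entry `<li><a href="#ssi">Server Side Includes</a>` is the only item without a closing `</li>`; add it so the entry matches the other six. The first entry also links to `#serverroot`, but none of the hunks in this patch adds an `<a name="serverroot">` target, so unless revision 1.23 already carries that anchor the link goes nowhere. Add the named anchor to the "Permissions on ServerRoot Directories" heading in the same patch.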
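Review bot: The replacement heading in the @@ -69,7 +86,7 @@ hunk switches to lowercase `<h2>`, while the surrounding context uses uppercase tags (`<H1 ALIGN="CENTER">`, `<HR>`, `<P>`, `<STRONG>`) and the last hunk of this same patch keeps `<H2>`. Use `<H2><A NAME="ssi">Server Side Includes</A></H2>` here and the same casing in the following heading hunks so the file stays consistent.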
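Review bot: The @@ -121,7 +138,7 @@ hunk rewrites the heading text from "Stopping users overriding system wide settings..." to "Protecting System Settings" in addition to adding the anchor, and the "Script Alias'ed CGI" and "CGI in general" headings are reworded in their hunks too, yet the message only mentions the navigation menu. Either mention the heading renames in the change description or split them into a separate patch so the anchor additions can be reviewed on their own.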