On Friday 05 November 2010, Teodor MICU wrote: > I've noticed that this paragraph is still a comment in the default > conf.d/security file: > > # This currently breaks the configurations that come with some web application > # Debian packages. It will be made the default for the release after lenny. > # > #<Directory /> > # AllowOverride None > # Order Deny,Allow > # Deny from all > #</Directory> > > Are there any plans to enable this for squeeze? I know that I've > manually removed the # for my own installs and it didn't had any > side effects.
No, the comment is outdated. I forgot that I put such a definite statement about squeeze in there. The reason I have not changed it is that I am no longer so sure it would be a good idea: Webapps that ship their files in some directory outside of /var/www would have to have an "Allow from all" snippet in their configuration to work by default. Now, if the admin doesn't want "allow from all" but e.g. "allow from 192.168.0.0/24", he would have to change many distinct configuration sections, which is a pain. If there is another update for apache2 in squeeze, I will change the comment. Thanks for bringing this to my attention. Cheers, Stefan -- To UNSUBSCRIBE, email to debian-apache-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201011082117.50301...@sfritsch.de