Christopher Drost wrote: > > The error comes when misc/security_tips.html#protectserverfiles also > claims a resolution to this problem. The resolution consists of > sticking the directive: > > <Directory /> > Order Deny, Allow > Deny from all > </Directory>
No, I don't believe it's claiming that this is the entire solution. This is one piece of a multi-layer puzzle. The proper solution is to not allow Options FollowSymLinks from *any* untrusted (user modifiable) system path. Only root-owned directories should be set to allow FollowSymLinks (which is much faster) while the user controlled directories should not. If the documentation is unclear, I'd agree this needs to be clarified. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
