> > Ok, it looks like the new apache2 httpd.conf has these:
> >
> > <Directory "/var/www/localhost/htdocs">
> > Options Indexes FollowSymLinks
> > AllowOverride None
> > Order allow,deny
> > Allow from all
> > </Directory>
> >
> > <Directory />
> > Options FollowSymLinks
> > AllowOverride None
> > </Directory>
> >
> > Is that sufficient considering I serve everything from:
> >
> > /var/www/localhost/htdocs
> >
> > and:
> >
> > /var/www/localhost/htdocs/admin
> >
> > or should I make some changes? I would think the Gentoo devs set
> > these up to be pretty safe. I did add this to the end of the file:
> >
> > Options -Indexes
>
> This switches off Directory Indexes which is probabl not what you want...
I don't need anyone browsing around in my image directory. I think
that's the only thing +Indexes would mean for me. I thought that was
a really common config though.
A long time ago I read that this would be a good apache config to add:
<Directory />
AllowOverride None
Order Deny,Allow
Deny from all
</Directory>
so I had it in there until it combined with the new Gentoo apache2
layout to 403 https pages. I don't want to expose my system but
removing that block is the only way to make https work. Am I OK
without it considering the defaults quoted above, or do I need
something like it for security?
- Grant
--
[email protected] mailing list
