On Thu, 2025-05-29 at 20:05 -0400, Jeffrey Walton wrote: > Also see > <https://docs.fedoraproject.org/en-US/fedora-server/services/httpd-basic-setup/> > and the section, "Configure a Virtual Host for the domain".
When following such instructions, you have to be careful about the choice of where you put virtually hosted sites. If you do decide to make sub-directories inside /var/www/html (as some advocate, and is mentioned in that linked page) you have to make sure that nobody connecting to the IP of the server can simply append the filepath used by the site to the IP address, and bypass any security restrictions. My advice is never do it. *Always* do virtual hosts outside of /var/www/html. Hackers will try to find things, make it impossible for them. My public server's logs has long lists of hacking attempts that will fail because what they're looking for doesn't exist. But obviously it does exist for other webservers. Years ago it was commonly FrontPage weaknesses they targeted, recently it's WordPress. Neither of which I use. Just about all of those content management systems have flaws, and you need to keep on top of updates on a daily matter. And people install them and configure them in dumb ways too (such us making everything world readable and writeable). -- uname -rsvp Linux 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64 (yes, this is the output from uname for this PC when I posted) Boilerplate: All unexpected mail to my mailbox is automatically deleted. I will only get to see the messages that are posted to the mailing list. -- _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
