httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jsl...@gmail.com>
Subject Re: [users@httpd] Getting more control over security/permission settings
Date Wed, 01 Sep 2004 18:03:29 GMT
On Wed, 1 Sep 2004 13:54:49 -0400, Eli <eli-list@experthost.com> wrote:
> By having the FrontPage extensions on the server, I am required to set
> "AllowOverride All" to the root folder of all my websites, so that the
> FrontPage extensions stuff can work - it creates .htaccess files with
> "Options" settings and such to try and control security per directory.  I
> don't believe there is any way around this problem with the FrontPage
> extensions, as my problems would be instantly solved if I could instead just
> use FilesMatch to create one global regex type set of permissions for the
> special FrontPage folders.  This isn't the case however :P

Obviously this is a frontpage problem, and you're not going to have
much help rearchitecting the entire config structure of apache to get
around frontpage.

But you can probably take advantage of some of the fine points listed here:
http://httpd.apache.org/docs-2.0/sections.html

For example,
<Location />
Options -ExecCGI
</Location>
should disable CGI everywhere and should not be overridable through .htaccess.

Other possibilities are more social: define a policy for what is
allowed in .htaccess, plus a regular cron job to scan .htaccess files
to make sure they match that policy.  Then kick off anyone who breaks
your policy.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message