httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <br...@organic.com>
Subject Re: access.conf changes
Date Wed, 03 Jul 1996 06:56:15 GMT
On Tue, 2 Jul 1996, Alexei Kosut wrote:
> On Tue, 2 Jul 1996, Brian Behlendorf wrote:
> 
> > Here are the changes to access.conf to make it more secure, per
> > suggestions by Roy.  I, too, found it extremely puzzling the more I dug
> > into it.  For example, why would you have the "Indexes" option turned on
> > for the cgi-bin directory?!?!  And why document the XBitHack directive in
> 
> Probably so you can set up an index file there. Makes sense to me.

Setting "Indexes" turns on directory indexing, so the lack of an
index.html or index.cgi or whatever means that a full listing of all CGI
programs can be obtained.  I thought in fact we specifically disallowed
that?  Hmm.

> > 2) Changed "AllowOverride All" to "AllowOverride None".
> 
> Is this a good idea? Hmm. I'm not sure. See below, at any rate.
> 
...
> >   # This controls which options the .htaccess files in directories can
> >   # override. Can also be "None", or any combination of "Options", "FileInfo", 
> >   # "AuthConfig", and "Limit"
> >   
> > ! AllowOverride None
> 
> If you change the All to None, you then need to change the None to All
> in the comment.

Righto.

I take it this is my third +1?

	Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com  www.apache.org  hyperreal.com  http://www.organic.com/JOBS


Mime
View raw message