httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <br...@organic.com>
Subject Re: directory restrictiosn in access.conf-dist
Date Mon, 11 Aug 1997 19:13:49 GMT
At 11:15 AM 8/11/97 +0100, you wrote:
>On Sun, 10 Aug 1997, Roy T. Fielding wrote:
>> A good configuration
>> always starts with something like
>> 
>> <Directory />
>> Options FollowSymLinks
>> AllowOverride None
>> order allow,deny
>> deny from all
>> </Directory>
>
>I guess this might be a bit too radical, but can't we start off with this
>as the default per-dir config *in the code*. So Apache starts with very
>restrictive (and secure) configuration, and then people have to explicitly
>add <Directory>... AllowOverride...</Directory> sections to access.conf
>where they want to allow more liberal configurations? 

I would support that, but only for 2.0.

	Brian


--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
"Why not?" - TL           brian@organic.com - hyperreal.org - apache.org

Mime
View raw message