httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject Re: [PATCH] modify httpd.conf-dist defaults
Date Fri, 27 Jun 2003 16:09:15 GMT

On Wed, 25 Jun 2003, Glenn wrote:
> Ok.  I can accept that, even though we're talking the default config
> for new installations.  Security is my top priority and the Apache
> configuration is _very_ flexible and likewise _very_ complex.  Until
> I slowly learned the Apache directives one by one and had lots of
> experience with different configurations, I took the examples in the
> default httpd.conf as gospel, which was a mistake since my priorities
> are different than the ones you listed above.  For newbies, and even
> experienced admins, it would be nice if there were some examples of
> secure usage of groups of configuration directives, and why.  I'd be
> more than happy to contribute to such a document if it existed.

There is a security tips doc in the manual.  But writing that type of doc
is VERY difficult, because it touches on so many different areas, and
security means different things to different people.

Many of the comments that you included in you message are good.  I think
they are too much for the config file, but I will try to find a way to
work them in elsewhere in the docs.

If you want to help out more, you are welcome at the docs project:
docs@httpd.apache.org.

Joshua.

Mime
View raw message