httpd-docs mailing list archives

From Allan Liska <>
Subject [PATCH] security_tips.html II
Date Tue, 02 Oct 2001 03:47:19 GMT

I added a navigation menu at the top of the page, to make it easier to
work your way through the document.

Index: httpd-docs-1.3/htdocs/manual/misc/security_tips.html
RCS file: /home/cvspublic/httpd-docs-1.3/htdocs/manual/misc/security_tips.html,v
retrieving revision 1.23
diff -u -r1.23 security_tips.html
--- httpd-docs-1.3/htdocs/manual/misc/security_tips.html	2001/09/24 01:36:41	1.23
+++ httpd-docs-1.3/htdocs/manual/misc/security_tips.html	2001/10/02 03:52:19
@@ -15,6 +15,23 @@
 <!--#include virtual="header.html" -->
 <H1 ALIGN="CENTER">Security Tips for Server Configuration</H1>

+<li><a href="#serverroot">Permissions on ServerRoot Directories</a></li>
+<li><a href="#ssi">Server Side Includes</a>
+<li><a href="#nsaliasedcgi">Non Script Aliased CGI</a></li>
+<li><a href="#saliasedcgi">Script Aliased CGI</a></li>
+<li><a href="#cgi">CGI in General</a></li>
+<li><a href="#systemsettings">Protecting System Settings</a></li>
+<li><a href="#protectserverfiles">Protect Server Files by Default</a></li>

 <P>Some hints and tips on security issues in setting up a web server. Some of
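
Review bot: the `#ssi` entry (second added line) is missing its closing `</li>`, unlike the six other entries. The first entry links to `#serverroot`, but none of the hunks shown here adds an `<a name="serverroot">` target, so that link would go nowhere. Suggest closing the element and adding the anchor to the ServerRoot heading in the same patch. The items as shown also have no enclosing `<ul>` or `<ol>`; they need one.
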
@@ -69,7 +86,7 @@
 may be able to overwrite the log itself with bogus data.
-<H2>Server Side Includes</H2>
+<h2><a name="ssi">Server Side Includes</a></h2>
 <P>Server side includes (SSI) can be configured so that users can execute
 arbitrary programs on the server. That thought alone should send a shiver
 down the spine of any sys-admin.<P>
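
Review bot: the replacement heading switches to lowercase `<h2>` while the context lines around it still use uppercase tags (`<H1 ALIGN="CENTER">`, `<P>`), and the later heading hunks do the same. Suggest keeping the file's existing case, `<H2><A NAME="ssi">Server Side Includes</A></H2>`, so the diff is limited to the added anchor.
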
@@ -80,7 +97,7 @@


-<H2>Non Script Aliased CGI</H2>
+<h2><a name="nsaliasedcgi">Non Script Aliased CGI</a></h2>
 <P>Allowing users to execute <STRONG>CGI</STRONG> scripts in any directory
 should only
 be considered if;
@@ -93,7 +110,7 @@

-<H2>Script Alias'ed CGI</H2>
+<h2><a name="saliasedcgi">Script Aliased CGI</a></h2>
 <P>Limiting <STRONG>CGI</STRONG> to special directories gives the admin
 control over
 what goes into those directories. This is inevitably more secure than
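
Review bot: the heading text changes from "Script Alias'ed CGI" to "Script Aliased CGI" on the same line that adds the anchor, which is a wording change beyond the navigation menu the log message describes. It is consistent with the "Non Script Aliased CGI" heading, so the change itself looks fine, but it should be mentioned in the log message.
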
@@ -104,7 +121,7 @@
 Most sites choose this option over the non script aliased CGI approach.<P>

-<H2>CGI in general</H2>
+<h2><a name="cgi">CGI in General</a></h2>
 <P>Always remember that you must trust the writers of the CGI script/programs
 or your ability to spot potential security holes in CGI, whether they were
 deliberate or accidental.<P>
@@ -121,7 +138,7 @@

-<H2>Stopping users overriding system wide settings...</H2>
+<h2><a name="systemsettings">Protecting System Settings</a></h2>
 <P>To run a really tight ship, you'll want to stop users from setting
 up <CODE>.htaccess</CODE> files which can override security features
 you've configured. Here's one way to do it...<P>
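
Review bot: renaming "Stopping users overriding system wide settings..." to "Protecting System Settings" loses what the section is about. The paragraph under it covers stopping users' `.htaccess` files from overriding configured security features. Suggest keeping the original meaning in the heading and in the matching menu entry, and only adding the `<a name="systemsettings">` anchor.
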
@@ -141,7 +158,7 @@
 from those named.<P>
- Protect server files by default
+<a name="protectserverfiles">Protect Server Files by Default</a>
 One aspect of Apache which is occasionally misunderstood is the feature
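
Review bot: the added line is a bare `<a name="protectserverfiles">` with no `<h2>` around it, unlike the five heading changes above. If this is a section heading, as its menu entry suggests, wrap it the same way as the others so that it renders as one.
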

Allan Liska
