httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gareth Kirwan" <g...@thermeoneurope.com>
Subject RE: [users@httpd] how to block hackers ?
Date Tue, 21 Jan 2003 16:38:34 GMT
Sorry for the top post.

1) Nobody should have access to your .ht* files.
A default configuration in your httpd.conf is:
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</Files>

2) ../../etc/passwd: They shouldn't / can't access documents outside the
directory structure of the site.

3) For general blocking just use
Order allow, deny
Allow from all
Deny from x.x.x.x
[ Though Order might be the other way round, but I'm fairly sure that's
right ]

> -----Original Message-----
> From: R'twick Niceorgaw [mailto:public@utkalika.net]

> Hi all,
> is there any way i can specify in httpd.conf or htaccess file
> to deny access
> to a specific IP if certain criteria is met in the request
> like if some one
> tries to access /.htaccess or ../../etc/passwd ?
>
> Regards
> R'twick
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message