httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject Re: [users@httpd] Prevent remote access
Date Tue, 28 Oct 2003 15:10:39 GMT

On Tue, 28 Oct 2003, Pouchain Flore wrote:
> <Location />
>     Order deny,allow
>     Allow from @local_ip
>     Deny from all
> </Location>
>
> The problem is that I use Virtual Host. So if somebody
> use a Location directive in the VH configuration:
>
> <Location />
>      Allow from all
> </Location>
>
> the VH can now be reached directly !
>
> Does anybody know if there a server directive to
> prevent this for the whole server.

You absolutely cannot give write access to httpd.conf to anyone who isn't
trusted not to mess up the server.  That includes "Include"ed files.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message