httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From O-One <ola_...@yahoo.com>
Subject [users@httpd] Securing Apache under Windows
Date Tue, 28 Dec 2004 04:58:00 GMT
Hello all, 

I am trying to add some security other than ssl on my
Apache. In looking at the Apache Documentation, I saw
that the following 3 should be included in the
httpd.conf file.

Protecting System Settings

<Directory /> 
AllowOverride None 
</Directory> 


Protect Server Files by Default

<Directory /> 
Order Deny,Allow 
Deny from all 
</Directory> 


<Directory /usr/users/*/public_html> 
Order Deny,Allow 
Allow from all 
</Directory> 
<Directory /usr/local/httpd> 
Order Deny,Allow 
Allow from all 
</Directory>


I also have below a portion of my httpd.conf file.

<Directory "C:/Apache Group/Apache2/dede/public_html">

#
# Possible values for the Options directive are
"None", "All",
# or any combination of:
#   Indexes Includes FollowSymLinks
SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly*
--- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and
important.  Please see
#
http://httpd.apache.org/docs-2.0/mod/core.html#options
# for more information.
#
    Options Indexes FollowSymLinks

#
# AllowOverride controls what directives may be placed
in .htaccess files.
# It can be "All", "None", or any combination of the
keywords:
#   Options FileInfo AuthConfig Limit
#
    AllowOverride None

#
# Controls who can get stuff from this server.
#
    Order allow,deny
    Allow from all

</Directory>

I am not so good with Apache yet, so I need help in
understanding all this. 

The last part of my snippet controls who can get
stuff, should this be "ALLOW FROM ALL" or Deny from
all and if I deny from all, does that mean no one can
browse the site.

Secondly, where in my httpd.conf file do I include
those 3 items recommended? Or do I need not include
them?

Thank you all in advance.

Ola_one


		
__________________________________ 
Do you Yahoo!? 
Dress up your holiday email, Hollywood style. Learn more. 
http://celebrity.mail.yahoo.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message