Date: Fri, 28 Jul 2006 15:23:19 -0400
From: LDB
To: users@httpd.apache.org
Subject: Re: [users@httpd]

Boyle Owen wrote:
>>-----Original Message-----
>>From: LDB [mailto:thesource@ldb-jab.org]
>>
>>It works like the following,
>>
>>DocumentRoot "/srv/www/mediawiki"
>>
>
> Options FollowSymLinks
>
> This is the only directive you need in this directory container.
>
> All the others (especially the "Allow from all") should be in a more
> specific container that applies to the doc root, eg:
>
> AllowOverride None
> Order allow,deny
> Allow from all
>
>>
>>But what are the security ramifications of doing it this way
>>that you recognize?
>
> Never "Allow from" for a directory *above* your docroot or you allow
> URLs like http://server/../path to work!
>
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message may be ignored.
>
>>Thanks,
>>
>>LDB

Thank you much Boyle ... So now I have ...

DocumentRoot "/srv/www/mediawiki"

#
# Configure the DocumentRoot
#
    Options FollowSymLinks

#
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
#   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs-2.2/mod/core.html#options
# for more information.
    Options FollowSymLinks

# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
#   Options FileInfo AuthConfig Limit
    AllowOverride None

# Controls who can get stuff from this server.
    Order allow,deny
    Allow from all

Is this correct?

Thank you again Boyle,

LDB
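
Added example, not part of the original thread: a Python check that reads an httpd configuration and reports any <Directory> container that grants access to all clients on a path above the DocumentRoot, which is the layout the reply above advises against. The sample configs are constructed, the `<Directory />` path in them is an assumption, the function names are this example's own, and matching the Apache 2.4 `Require all granted` form goes beyond the 2.2 directives shown in the thread.

```python
import posixpath
import re

# Constructed sample configs; the <Directory /> path is an assumption.
WEAK_CONF = """
DocumentRoot "/srv/www/mediawiki"
<Directory />
    Options FollowSymLinks
    Order allow,deny
    Allow from all
</Directory>
"""
FIXED_CONF = """
DocumentRoot "/srv/www/mediawiki"
<Directory />
    Options FollowSymLinks
</Directory>
<Directory "/srv/www/mediawiki">
    Order allow,deny
    Allow from all
</Directory>
"""

DOCROOT = re.compile(r'DocumentRoot\s+"?([^"]+?)"?\s*$', re.I)
OPEN = re.compile(r'<Directory\s+"?([^">]+?)"?\s*>', re.I)  # plain paths only
CLOSE = re.compile(r'</Directory\s*>', re.I)
GRANT = re.compile(r'(Allow\s+from\s+all|Require\s+all\s+granted)\b', re.I)

def is_above(path, docroot):
    """True when path is a strict ancestor of docroot (both absolute)."""
    if not (path.startswith("/") and docroot.startswith("/")):
        return False
    path, docroot = posixpath.normpath(path), posixpath.normpath(docroot)
    return path != docroot and posixpath.commonpath([path, docroot]) == path

def audit(conf):
    """Return <Directory> paths above a DocumentRoot that allow all clients."""
    lines = [s for s in map(str.strip, conf.splitlines()) if not s.startswith("#")]
    roots = [m.group(1) for m in map(DOCROOT.match, lines) if m]
    findings, current = [], None
    for line in lines:
        opened = OPEN.match(line)
        if opened:
            current = opened.group(1)
        elif CLOSE.match(line):
            current = None
        elif current and GRANT.match(line) and any(is_above(current, r) for r in roots):
            findings.append(current)
    return sorted(set(findings))
```

The check is a text heuristic: it does not evaluate `Order`, merge containers, or handle wildcard and regex `<Directory>` paths, so a finding is a prompt to review that container by hand.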