httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brolin Empey <bro...@brolin.be>
Subject Re: [users@httpd] location of vhost logs (was: how to avoid duplicating the document root in vhost conf files?)
Date Thu, 22 Oct 2009 22:24:24 GMT
2009/10/6 Brolin Empey <brolin@brolin.be>
>
> 2009/10/6 Jonathan Zuckerman <j.zuckerman@gmail.com>:
> >  Or (my preferred solution) put them outside the
> > document root; why bother putting them in the doc root and then making
> > a directory override to disallow outside access to them when the
> > simpler solution would be to just put them outside the web root and
> > never ever worry about access rules.
>
> I know that is a simpler and probably more logical solution, but I
> kept the logs under the doc root for at least 2 reasons:
>
> 1. The Web howto about configuring apache2 vhosts on Debian/Ubuntu I
> used used this config in its examples.  That howto lacks credibility,
> though, because it has errors (singular versus plural nouns) in the
> paths to the vhost conf files and does not even prevent world/public
> access to the logs!  (epic fail)
>
> 2. Because my VPS is hosting multiple vhosts, I thought it was tidier
> to keep the logs in the doc root.  I know it does not make much sense
> because the logs are not public content, but it was an arbitrary
> decision:  I had to keep the logs /somewhere/.  Yes, I suppose
> /var/log/ is a better home for apache logs than /var/www/.

I finally moved the logs outside of the doc root:  they now live in
“/var/log/apache2/vhosts/${domain_name}/”.  This config is simpler,
which is better if “complexity is the enemy of security.”.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message