httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Igor Galić <>
Subject Re: [users@httpd] Read-only DocumentRoot
Date Thu, 14 Oct 2010 08:27:27 GMT

----- "PENIN Guillaume (SNCF Voyages/Direction des Operations SI)" <>

> Hi,
> Many of our application teams ask us to mount the Apache DocumentRoot
> FileSystem in Read-only mode for security reasons. In your opinion,
> does
> this have any kind of interest ?

Mounting the FS read-only might become inconvinient. But you definately
should not allow the webserver user to have write access to the documentroot

That is, unless your application requires uploads. Then it should 
happen in a controlled directory. i.e.: One that doesn't have
CGI or anything else executable (Options None, SetHandler none),
no .htaccesss allowed (AllowOverride None).

> Regards,
> Guillaume PENIN
> -------
> Ce message et toutes les pièces jointes sont établis à l'intention
> exclusive de ses destinataires et sont confidentiels. L'intégrité de
> ce message n'étant pas assurée sur Internet, la SNCF ne peut être
> tenue responsable des altérations qui pourraient se produire sur son
> contenu. Toute publication, utilisation, reproduction, ou diffusion,
> même partielle, non autorisée préalablement par la SNCF, est
> strictement interdite. Si vous n'êtes pas le destinataire de ce
> message, merci d'en avertir immédiatement l'expéditeur et de le
> détruire.
> -------
> This message and any attachments are intended solely for the
> addressees and are confidential. SNCF may not be held responsible for
> their contents whose accuracy and completeness cannot be guaranteed
> over the Internet. Unauthorized use, disclosure, distribution,
> copying, or any part thereof is strictly prohibited. If you are not
> the intended recipient of this message, please notify the sender
> immediately and delete it.


Igor Galić

Tel: +43 (0) 664 886 22 883

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message