www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Systemadministrator <r...@freibier.htu.tuwien.ac.at>
Subject documentation/9523: bug in security-tips, 'Allow from all' instead of 'Deny from all'
Date Thu, 17 Jan 2002 16:53:04 GMT

>Number:         9523
>Category:       documentation
>Synopsis:       bug in security-tips, 'Allow from all' instead of 'Deny from all'
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          doc-bug
>Submitter-Id:   apache
>Arrival-Date:   Fri Jan 18 03:30:00 PST 2002
>Originator:     root@freibier.htu.tuwien.ac.at
>Release:        1.3+
Online-Documentation at http://httpd.apache.org/docs/

Headline: Protecting System Settings

Allow from all
This stops all overrides, Includes and accesses in all directories apart from those named.

'Allow from all' doesn't stop all accesses!
it should be 'Deny from all'
- Allow from all<br />
+ Deny from all<br />
 [In order for any reply to be added to the PR database, you need]
 [to include <apbugs@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]

View raw message