[packages/apache] - make default config safe wrt mod_access_compat

baggins baggins at pld-linux.org
Mon Aug 5 19:35:55 CEST 2013 

commit e92e50817ec6d6aa9292f1bd8ccc32cec57be11a
Author: Jan Rękorajski <baggins at pld-linux.org>
Date:   Mon Aug 5 19:16:05 2013 +0200

    - make default config safe wrt mod_access_compat

 apache-common.conf             | 8 ++++++++
 apache-httpd.conf              | 4 ++++
 apache-manual.conf             | 4 ++++
 apache-mod_authz_host.conf     | 4 ++++
 apache-mod_autoindex.conf      | 4 ++++
 apache-mod_info.conf           | 5 +++++
 apache-mod_proxy.conf          | 5 +++++
 apache-mod_status.conf         | 5 +++++
 apache-mod_userdir.conf        | 8 ++++++++
 apache-multilang-errordoc.conf | 4 ++++
 10 files changed, 51 insertions(+)
---
diff --git a/apache-common.conf b/apache-common.conf
index 8643668..326dcff 100644
--- a/apache-common.conf
+++ b/apache-common.conf
@@ -18,6 +18,10 @@ DocumentRoot "/home/services/httpd/html"
 	<IfModule mod_authz_host.c>
 		Require all denied
 	</IfModule>
+	<IfModule mod_access_compat.c>
+		Order deny,allow
+		Deny from all
+	</IfModule>
 </Directory>
 
 #
@@ -51,5 +55,9 @@ DocumentRoot "/home/services/httpd/html"
 	<IfModule mod_authz_host.c>
 		Require all granted
 	</IfModule>
+	<IfModule mod_access_compat.c>
+		Order allow,deny
+		Allow from all
+	</IfModule>
 
 </Directory>
diff --git a/apache-httpd.conf b/apache-httpd.conf
index 28199f7..eaec1ea 100644
--- a/apache-httpd.conf
+++ b/apache-httpd.conf
@@ -103,6 +103,10 @@ IncludeOptional webapps.d/*.conf
 		<IfModule mod_authz_host.c>
 			Require all granted
 		</IfModule>
+		<IfModule mod_access_compat.c>
+			Order allow,deny
+			Allow from all
+		</IfModule>
 	</Directory>
 </IfModule>
 
diff --git a/apache-manual.conf b/apache-manual.conf
index 709d97f..1ccd95f 100644
--- a/apache-manual.conf
+++ b/apache-manual.conf
@@ -14,6 +14,10 @@ AliasMatch ^/manual(?:/(?:da|de|en|es|fr|ja|ko|pt-br|ru|tr|zh-cn))?(/.*)?$ "/hom
 	Options Indexes
 	AllowOverride None
 	Require all granted
+	<IfModule mod_access_compat.c>
+		Order allow,deny
+		Allow from all
+	</IfModule>
 
 	<Files *.html>
 		SetHandler type-map
diff --git a/apache-mod_authz_host.conf b/apache-mod_authz_host.conf
index 6792035..5391967 100644
--- a/apache-mod_authz_host.conf
+++ b/apache-mod_authz_host.conf
@@ -6,5 +6,9 @@ LoadModule authz_host_module modules/mod_authz_host.so
 <IfModule authz_host_module>
 	<FilesMatch "^\.ht">
 		Require all denied
+		<IfModule mod_access_compat.c>
+			Order allow,deny
+			Allow from all
+		</IfModule>
 	</FilesMatch>
 </IfModule>
diff --git a/apache-mod_autoindex.conf b/apache-mod_autoindex.conf
index 7b902c6..b9c6ec1 100644
--- a/apache-mod_autoindex.conf
+++ b/apache-mod_autoindex.conf
@@ -27,6 +27,10 @@ Alias /icons/ "/home/services/httpd/icons/"
 	<IfModule mod_authz_host.c>
 		Require all granted
 	</IfModule>
+	<IfModule mod_access_compat.c>
+		Order allow,deny
+		Allow from all
+	</IfModule>
 </Directory>
 
 #
diff --git a/apache-mod_info.conf b/apache-mod_info.conf
index 9ba6d7a..4dca480 100644
--- a/apache-mod_info.conf
+++ b/apache-mod_info.conf
@@ -16,6 +16,11 @@ LoadModule info_module		modules/mod_info.so
 	# Require host .example.com
 	# Require ip 127
 	Require local
+	<IfModule mod_access_compat.c>
+		Order deny,allow
+		Deny from all
+		Allow from 127.0.0.1
+	</IfModule>
 </Location>
 
 </IfModule>
diff --git a/apache-mod_proxy.conf b/apache-mod_proxy.conf
index 757379a..041772e 100644
--- a/apache-mod_proxy.conf
+++ b/apache-mod_proxy.conf
@@ -30,6 +30,11 @@ ProxyRequests On
 <Proxy *>
 	Require all denied
 #	Require host .your-domain.com
+	<IfModule mod_access_compat.c>
+		Order deny,allow
+		Deny from all
+#		Allow from .your-domain.com
+	</IfModule>
 </Proxy>
 
 # enable local fcgi proxy request, e.x for php-fpm
diff --git a/apache-mod_status.conf b/apache-mod_status.conf
index a5fd90b..6477a23 100644
--- a/apache-mod_status.conf
+++ b/apache-mod_status.conf
@@ -17,6 +17,11 @@ LoadModule status_module		modules/mod_status.so
 	# Require host .example.com
 	# Require ip 127
 	Require local
+	<IfModule mod_access_compat.c>
+		Order deny,allow
+		Deny from all
+		Allow from 127.0.0.1
+	</IfModule>
 </Location>
 
 #
diff --git a/apache-mod_userdir.conf b/apache-mod_userdir.conf
index 1bcff5d..3b6fd29 100644
--- a/apache-mod_userdir.conf
+++ b/apache-mod_userdir.conf
@@ -21,9 +21,17 @@ UserDir public_html
 	Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
 	<Limit GET POST OPTIONS>
 		Require all granted
+		<IfModule mod_access_compat.c>
+			Order allow,deny
+			Allow from all
+		</IfModule>
 	</Limit>
 	<LimitExcept GET POST OPTIONS>
 		Require all denied
+		<IfModule mod_access_compat.c>
+			Order deny,allow
+			Deny from all
+		</IfModule>
 	</LimitExcept>
 	#<IfModule mod_php.c>
 	#	php_admin_value open_basedir "/home/users:/usr/share/pear:/usr/share/php:/tmp"
diff --git a/apache-multilang-errordoc.conf b/apache-multilang-errordoc.conf
index 0cc6af5..b4bf2a3 100644
--- a/apache-multilang-errordoc.conf
+++ b/apache-multilang-errordoc.conf
@@ -27,6 +27,10 @@ Alias /error/ "/home/services/httpd/error/"
 	AddOutputFilter Includes html
 	AddHandler type-map var
 	Require all granted
+	<IfModule mod_access_compat.c>
+		Order allow,deny
+		Allow from all
+	</IfModule>
 	LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr
 	ForceLanguagePriority Prefer Fallback
 </Directory>
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/apache.git/commitdiff/3f90095f0bb6b08b0c87e359c8d0c5d307d7c594

More information about the pld-cvs-commit mailing list