deny some files in apache by default
Elan Ruusamäe
glen at delfi.ee
Wed Jul 13 01:02:06 CEST 2011
On 07/12/2011 04:42 PM, Arkadiusz Miskiewicz wrote:
>
> What do you think about adding to our apache default config:
>
> [arekm at t400 ~/rpm/packages/apache]$ cvs diff -u apache-common.conf
> Index: apache-common.conf
> ===================================================================
> RCS file: /cvsroot/packages/apache/apache-common.conf,v
> retrieving revision 1.9
> diff -u -u -r1.9 apache-common.conf
> --- apache-common.conf 9 Jan 2006 11:24:05 -0000 1.9
> +++ apache-common.conf 12 Jul 2011 13:40:56 -0000
> @@ -19,6 +19,12 @@
> Order deny,allow
> Deny from all
> </IfModule>
> +<IfModule mod_authz_host.c>
afaik module name is wrong
> +<FilesMatch "(~|#|^\.\?\?.*|\.inc)$">
backup files ok, maybe add more, like .BAK and .bak?
".inc" file, may cause conflicts
and "^\.\?\?.*" is what? '?' needs to be esacaped and '*' not in apache?
perhaps you wanted to say just dot-files?:
<FilesMatch "(^\..*|~|#|\.inc)$">
also, perhaps add to the list files that (our) lighttpd denies (vcs
control files):
## deny access the file-extensions
#
# ~ is for backupfiles from vi, emacs, joe, ...
# .inc is often used for code includes which should in general not be part
# of the document-root
# *,v and *,t - CVS files
url.access-deny = ( "~", ".inc", ",v", ",t" )
# forbid access to files inside CVS or RCS dirs
$HTTP["url"] =~ "/(?:CVS|RCS)/" {
url.access-deny = ("")
}
> + Order deny,allow
> + Deny from all
> +</FilesMatch>
> +</IfModule>
> </Directory>
>
> #
>
> ?
>
--
glen
More information about the pld-devel-en
mailing list