deny some files in apache by default

Elan Ruusamäe glen at delfi.ee
Wed Jul 13 01:02:06 CEST 2011


On 07/12/2011 04:42 PM, Arkadiusz Miskiewicz wrote:
>
> What do you think about adding to our apache default config:
>
> [arekm at t400 ~/rpm/packages/apache]$ cvs diff -u apache-common.conf
> Index: apache-common.conf
> ===================================================================
> RCS file: /cvsroot/packages/apache/apache-common.conf,v
> retrieving revision 1.9
> diff -u -u -r1.9 apache-common.conf
> --- apache-common.conf  9 Jan 2006 11:24:05 -0000       1.9
> +++ apache-common.conf  12 Jul 2011 13:40:56 -0000
> @@ -19,6 +19,12 @@
>                  Order deny,allow
>                  Deny from all
>          </IfModule>
> +<IfModule mod_authz_host.c>

afaik module name is wrong

> +<FilesMatch "(~|#|^\.\?\?.*|\.inc)$">
backup files ok, maybe add more, like .BAK and .bak?
".inc" file, may cause conflicts
and "^\.\?\?.*" is what? '?' needs to be esacaped and '*' not in apache?

perhaps you wanted to say just dot-files?:
<FilesMatch "(^\..*|~|#|\.inc)$">

also, perhaps add to the list files that (our) lighttpd denies (vcs 
control files):

## deny access the file-extensions
#
# ~    is for backupfiles from vi, emacs, joe, ...
# .inc is often used for code includes which should in general not be part
#      of the document-root
# *,v and *,t - CVS files
url.access-deny = ( "~", ".inc", ",v", ",t" )

# forbid access to files inside CVS or RCS dirs
$HTTP["url"] =~ "/(?:CVS|RCS)/" {
         url.access-deny = ("")
}


> +                       Order deny,allow
> +                       Deny from all
> +</FilesMatch>
> +</IfModule>
>   </Directory>
>
>   #
>
> ?
>


-- 
glen


More information about the pld-devel-en mailing list