deny some files in apache by default

Arkadiusz Miskiewicz arekm at maven.pl
Wed Jul 13 08:06:11 CEST 2011


On Wednesday 13 of July 2011, Elan Ruusamäe wrote:
> On 07/12/2011 04:42 PM, Arkadiusz Miskiewicz wrote:
> > What do you think about adding to our apache default config:
> > 
> > [arekm at t400 ~/rpm/packages/apache]$ cvs diff -u apache-common.conf
> > Index: apache-common.conf
> > ===================================================================
> > RCS file: /cvsroot/packages/apache/apache-common.conf,v
> > retrieving revision 1.9
> > diff -u -u -r1.9 apache-common.conf
> > --- apache-common.conf  9 Jan 2006 11:24:05 -0000       1.9
> > +++ apache-common.conf  12 Jul 2011 13:40:56 -0000
> > @@ -19,6 +19,12 @@
> > 
> >                  Order deny,allow
> >                  Deny from all
> >          
> >          </IfModule>
> > 
> > +<IfModule mod_authz_host.c>
> 
> afaik module name is wrong

Then we have it wrong in the same config, few lines above.

> > +<FilesMatch "(~|#|^\.\?\?.*|\.inc)$">
> 
> backup files ok, maybe add more, like .BAK and .bak?
> ".inc" file, may cause conflicts
> and "^\.\?\?.*" is what? '?' needs to be esacaped and '*' not in apache?

Any file starting with .??, not sure which program makes such backup files.

> 
> perhaps you wanted to say just dot-files?:
> <FilesMatch "(^\..*|~|#|\.inc)$">
> 
> also, perhaps add to the list files that (our) lighttpd denies (vcs
> control files):

Fine for me.

-- 
Arkadiusz Miśkiewicz        PLD/Linux Team
arekm / maven.pl            http://ftp.pld-linux.org/


More information about the pld-devel-en mailing list